crypto.c (28398B)
1 /* 2 * QEMU block full disk encryption 3 * 4 * Copyright (c) 2015-2016 Red Hat, Inc. 5 * 6 * This library is free software; you can redistribute it and/or 7 * modify it under the terms of the GNU Lesser General Public 8 * License as published by the Free Software Foundation; either 9 * version 2.1 of the License, or (at your option) any later version. 10 * 11 * This library is distributed in the hope that it will be useful, 12 * but WITHOUT ANY WARRANTY; without even the implied warranty of 13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 14 * Lesser General Public License for more details. 15 * 16 * You should have received a copy of the GNU Lesser General Public 17 * License along with this library; if not, see <http://www.gnu.org/licenses/>. 18 * 19 */ 20 21 #include "qemu/osdep.h" 22 23 #include "block/block_int.h" 24 #include "block/qdict.h" 25 #include "sysemu/block-backend.h" 26 #include "crypto/block.h" 27 #include "qapi/opts-visitor.h" 28 #include "qapi/qapi-visit-crypto.h" 29 #include "qapi/qobject-input-visitor.h" 30 #include "qapi/error.h" 31 #include "qemu/module.h" 32 #include "qemu/option.h" 33 #include "qemu/cutils.h" 34 #include "qemu/memalign.h" 35 #include "crypto.h" 36 37 typedef struct BlockCrypto BlockCrypto; 38 39 struct BlockCrypto { 40 QCryptoBlock *block; 41 bool updating_keys; 42 }; 43 44 45 static int block_crypto_probe_generic(QCryptoBlockFormat format, 46 const uint8_t *buf, 47 int buf_size, 48 const char *filename) 49 { 50 if (qcrypto_block_has_format(format, buf, buf_size)) { 51 return 100; 52 } else { 53 return 0; 54 } 55 } 56 57 58 static int block_crypto_read_func(QCryptoBlock *block, 59 size_t offset, 60 uint8_t *buf, 61 size_t buflen, 62 void *opaque, 63 Error **errp) 64 { 65 BlockDriverState *bs = opaque; 66 ssize_t ret; 67 68 ret = bdrv_pread(bs->file, offset, buflen, buf, 0); 69 if (ret < 0) { 70 error_setg_errno(errp, -ret, "Could not read encryption header"); 71 return ret; 72 } 73 return 0; 74 } 75 76 static int block_crypto_write_func(QCryptoBlock *block, 77 size_t offset, 78 const uint8_t *buf, 79 size_t buflen, 80 void *opaque, 81 Error **errp) 82 { 83 BlockDriverState *bs = opaque; 84 ssize_t ret; 85 86 ret = bdrv_pwrite(bs->file, offset, buflen, buf, 0); 87 if (ret < 0) { 88 error_setg_errno(errp, -ret, "Could not write encryption header"); 89 return ret; 90 } 91 return 0; 92 } 93 94 95 struct BlockCryptoCreateData { 96 BlockBackend *blk; 97 uint64_t size; 98 PreallocMode prealloc; 99 }; 100 101 102 static int block_crypto_create_write_func(QCryptoBlock *block, 103 size_t offset, 104 const uint8_t *buf, 105 size_t buflen, 106 void *opaque, 107 Error **errp) 108 { 109 struct BlockCryptoCreateData *data = opaque; 110 ssize_t ret; 111 112 ret = blk_pwrite(data->blk, offset, buflen, buf, 0); 113 if (ret < 0) { 114 error_setg_errno(errp, -ret, "Could not write encryption header"); 115 return ret; 116 } 117 return 0; 118 } 119 120 static int block_crypto_create_init_func(QCryptoBlock *block, 121 size_t headerlen, 122 void *opaque, 123 Error **errp) 124 { 125 struct BlockCryptoCreateData *data = opaque; 126 Error *local_error = NULL; 127 int ret; 128 129 if (data->size > INT64_MAX || headerlen > INT64_MAX - data->size) { 130 ret = -EFBIG; 131 goto error; 132 } 133 134 /* User provided size should reflect amount of space made 135 * available to the guest, so we must take account of that 136 * which will be used by the crypto header 137 */ 138 ret = blk_truncate(data->blk, data->size + headerlen, false, 139 data->prealloc, 0, &local_error); 140 141 if (ret >= 0) { 142 return 0; 143 } 144 145 error: 146 if (ret == -EFBIG) { 147 /* Replace the error message with a better one */ 148 error_free(local_error); 149 error_setg(errp, "The requested file size is too large"); 150 } else { 151 error_propagate(errp, local_error); 152 } 153 154 return ret; 155 } 156 157 158 static QemuOptsList block_crypto_runtime_opts_luks = { 159 .name = "crypto", 160 .head = QTAILQ_HEAD_INITIALIZER(block_crypto_runtime_opts_luks.head), 161 .desc = { 162 BLOCK_CRYPTO_OPT_DEF_LUKS_KEY_SECRET(""), 163 { /* end of list */ } 164 }, 165 }; 166 167 168 static QemuOptsList block_crypto_create_opts_luks = { 169 .name = "crypto", 170 .head = QTAILQ_HEAD_INITIALIZER(block_crypto_create_opts_luks.head), 171 .desc = { 172 { 173 .name = BLOCK_OPT_SIZE, 174 .type = QEMU_OPT_SIZE, 175 .help = "Virtual disk size" 176 }, 177 BLOCK_CRYPTO_OPT_DEF_LUKS_KEY_SECRET(""), 178 BLOCK_CRYPTO_OPT_DEF_LUKS_CIPHER_ALG(""), 179 BLOCK_CRYPTO_OPT_DEF_LUKS_CIPHER_MODE(""), 180 BLOCK_CRYPTO_OPT_DEF_LUKS_IVGEN_ALG(""), 181 BLOCK_CRYPTO_OPT_DEF_LUKS_IVGEN_HASH_ALG(""), 182 BLOCK_CRYPTO_OPT_DEF_LUKS_HASH_ALG(""), 183 BLOCK_CRYPTO_OPT_DEF_LUKS_ITER_TIME(""), 184 { /* end of list */ } 185 }, 186 }; 187 188 189 static QemuOptsList block_crypto_amend_opts_luks = { 190 .name = "crypto", 191 .head = QTAILQ_HEAD_INITIALIZER(block_crypto_create_opts_luks.head), 192 .desc = { 193 BLOCK_CRYPTO_OPT_DEF_LUKS_STATE(""), 194 BLOCK_CRYPTO_OPT_DEF_LUKS_KEYSLOT(""), 195 BLOCK_CRYPTO_OPT_DEF_LUKS_OLD_SECRET(""), 196 BLOCK_CRYPTO_OPT_DEF_LUKS_NEW_SECRET(""), 197 BLOCK_CRYPTO_OPT_DEF_LUKS_ITER_TIME(""), 198 { /* end of list */ } 199 }, 200 }; 201 202 QCryptoBlockOpenOptions * 203 block_crypto_open_opts_init(QDict *opts, Error **errp) 204 { 205 Visitor *v; 206 QCryptoBlockOpenOptions *ret; 207 208 v = qobject_input_visitor_new_flat_confused(opts, errp); 209 if (!v) { 210 return NULL; 211 } 212 213 visit_type_QCryptoBlockOpenOptions(v, NULL, &ret, errp); 214 215 visit_free(v); 216 return ret; 217 } 218 219 220 QCryptoBlockCreateOptions * 221 block_crypto_create_opts_init(QDict *opts, Error **errp) 222 { 223 Visitor *v; 224 QCryptoBlockCreateOptions *ret; 225 226 v = qobject_input_visitor_new_flat_confused(opts, errp); 227 if (!v) { 228 return NULL; 229 } 230 231 visit_type_QCryptoBlockCreateOptions(v, NULL, &ret, errp); 232 233 visit_free(v); 234 return ret; 235 } 236 237 QCryptoBlockAmendOptions * 238 block_crypto_amend_opts_init(QDict *opts, Error **errp) 239 { 240 Visitor *v; 241 QCryptoBlockAmendOptions *ret; 242 243 v = qobject_input_visitor_new_flat_confused(opts, errp); 244 if (!v) { 245 return NULL; 246 } 247 248 visit_type_QCryptoBlockAmendOptions(v, NULL, &ret, errp); 249 250 visit_free(v); 251 return ret; 252 } 253 254 255 static int block_crypto_open_generic(QCryptoBlockFormat format, 256 QemuOptsList *opts_spec, 257 BlockDriverState *bs, 258 QDict *options, 259 int flags, 260 Error **errp) 261 { 262 BlockCrypto *crypto = bs->opaque; 263 QemuOpts *opts = NULL; 264 int ret; 265 QCryptoBlockOpenOptions *open_opts = NULL; 266 unsigned int cflags = 0; 267 QDict *cryptoopts = NULL; 268 269 ret = bdrv_open_file_child(NULL, options, "file", bs, errp); 270 if (ret < 0) { 271 return ret; 272 } 273 274 bs->supported_write_flags = BDRV_REQ_FUA & 275 bs->file->bs->supported_write_flags; 276 277 opts = qemu_opts_create(opts_spec, NULL, 0, &error_abort); 278 if (!qemu_opts_absorb_qdict(opts, options, errp)) { 279 ret = -EINVAL; 280 goto cleanup; 281 } 282 283 cryptoopts = qemu_opts_to_qdict(opts, NULL); 284 qdict_put_str(cryptoopts, "format", QCryptoBlockFormat_str(format)); 285 286 open_opts = block_crypto_open_opts_init(cryptoopts, errp); 287 if (!open_opts) { 288 ret = -EINVAL; 289 goto cleanup; 290 } 291 292 if (flags & BDRV_O_NO_IO) { 293 cflags |= QCRYPTO_BLOCK_OPEN_NO_IO; 294 } 295 crypto->block = qcrypto_block_open(open_opts, NULL, 296 block_crypto_read_func, 297 bs, 298 cflags, 299 1, 300 errp); 301 302 if (!crypto->block) { 303 ret = -EIO; 304 goto cleanup; 305 } 306 307 bs->encrypted = true; 308 309 ret = 0; 310 cleanup: 311 qobject_unref(cryptoopts); 312 qapi_free_QCryptoBlockOpenOptions(open_opts); 313 return ret; 314 } 315 316 317 static int block_crypto_co_create_generic(BlockDriverState *bs, 318 int64_t size, 319 QCryptoBlockCreateOptions *opts, 320 PreallocMode prealloc, 321 Error **errp) 322 { 323 int ret; 324 BlockBackend *blk; 325 QCryptoBlock *crypto = NULL; 326 struct BlockCryptoCreateData data; 327 328 blk = blk_new_with_bs(bs, BLK_PERM_WRITE | BLK_PERM_RESIZE, BLK_PERM_ALL, 329 errp); 330 if (!blk) { 331 ret = -EPERM; 332 goto cleanup; 333 } 334 335 if (prealloc == PREALLOC_MODE_METADATA) { 336 prealloc = PREALLOC_MODE_OFF; 337 } 338 339 data = (struct BlockCryptoCreateData) { 340 .blk = blk, 341 .size = size, 342 .prealloc = prealloc, 343 }; 344 345 crypto = qcrypto_block_create(opts, NULL, 346 block_crypto_create_init_func, 347 block_crypto_create_write_func, 348 &data, 349 errp); 350 351 if (!crypto) { 352 ret = -EIO; 353 goto cleanup; 354 } 355 356 ret = 0; 357 cleanup: 358 qcrypto_block_free(crypto); 359 blk_unref(blk); 360 return ret; 361 } 362 363 static int coroutine_fn 364 block_crypto_co_truncate(BlockDriverState *bs, int64_t offset, bool exact, 365 PreallocMode prealloc, BdrvRequestFlags flags, 366 Error **errp) 367 { 368 BlockCrypto *crypto = bs->opaque; 369 uint64_t payload_offset = 370 qcrypto_block_get_payload_offset(crypto->block); 371 372 if (payload_offset > INT64_MAX - offset) { 373 error_setg(errp, "The requested file size is too large"); 374 return -EFBIG; 375 } 376 377 offset += payload_offset; 378 379 return bdrv_co_truncate(bs->file, offset, exact, prealloc, 0, errp); 380 } 381 382 static void block_crypto_close(BlockDriverState *bs) 383 { 384 BlockCrypto *crypto = bs->opaque; 385 qcrypto_block_free(crypto->block); 386 } 387 388 static int block_crypto_reopen_prepare(BDRVReopenState *state, 389 BlockReopenQueue *queue, Error **errp) 390 { 391 /* nothing needs checking */ 392 return 0; 393 } 394 395 /* 396 * 1 MB bounce buffer gives good performance / memory tradeoff 397 * when using cache=none|directsync. 398 */ 399 #define BLOCK_CRYPTO_MAX_IO_SIZE (1024 * 1024) 400 401 static coroutine_fn int 402 block_crypto_co_preadv(BlockDriverState *bs, int64_t offset, int64_t bytes, 403 QEMUIOVector *qiov, BdrvRequestFlags flags) 404 { 405 BlockCrypto *crypto = bs->opaque; 406 uint64_t cur_bytes; /* number of bytes in current iteration */ 407 uint64_t bytes_done = 0; 408 uint8_t *cipher_data = NULL; 409 QEMUIOVector hd_qiov; 410 int ret = 0; 411 uint64_t sector_size = qcrypto_block_get_sector_size(crypto->block); 412 uint64_t payload_offset = qcrypto_block_get_payload_offset(crypto->block); 413 414 assert(payload_offset < INT64_MAX); 415 assert(QEMU_IS_ALIGNED(offset, sector_size)); 416 assert(QEMU_IS_ALIGNED(bytes, sector_size)); 417 418 qemu_iovec_init(&hd_qiov, qiov->niov); 419 420 /* Bounce buffer because we don't wish to expose cipher text 421 * in qiov which points to guest memory. 422 */ 423 cipher_data = 424 qemu_try_blockalign(bs->file->bs, MIN(BLOCK_CRYPTO_MAX_IO_SIZE, 425 qiov->size)); 426 if (cipher_data == NULL) { 427 ret = -ENOMEM; 428 goto cleanup; 429 } 430 431 while (bytes) { 432 cur_bytes = MIN(bytes, BLOCK_CRYPTO_MAX_IO_SIZE); 433 434 qemu_iovec_reset(&hd_qiov); 435 qemu_iovec_add(&hd_qiov, cipher_data, cur_bytes); 436 437 ret = bdrv_co_preadv(bs->file, payload_offset + offset + bytes_done, 438 cur_bytes, &hd_qiov, 0); 439 if (ret < 0) { 440 goto cleanup; 441 } 442 443 if (qcrypto_block_decrypt(crypto->block, offset + bytes_done, 444 cipher_data, cur_bytes, NULL) < 0) { 445 ret = -EIO; 446 goto cleanup; 447 } 448 449 qemu_iovec_from_buf(qiov, bytes_done, cipher_data, cur_bytes); 450 451 bytes -= cur_bytes; 452 bytes_done += cur_bytes; 453 } 454 455 cleanup: 456 qemu_iovec_destroy(&hd_qiov); 457 qemu_vfree(cipher_data); 458 459 return ret; 460 } 461 462 463 static coroutine_fn int 464 block_crypto_co_pwritev(BlockDriverState *bs, int64_t offset, int64_t bytes, 465 QEMUIOVector *qiov, BdrvRequestFlags flags) 466 { 467 BlockCrypto *crypto = bs->opaque; 468 uint64_t cur_bytes; /* number of bytes in current iteration */ 469 uint64_t bytes_done = 0; 470 uint8_t *cipher_data = NULL; 471 QEMUIOVector hd_qiov; 472 int ret = 0; 473 uint64_t sector_size = qcrypto_block_get_sector_size(crypto->block); 474 uint64_t payload_offset = qcrypto_block_get_payload_offset(crypto->block); 475 476 flags &= ~BDRV_REQ_REGISTERED_BUF; 477 478 assert(payload_offset < INT64_MAX); 479 assert(QEMU_IS_ALIGNED(offset, sector_size)); 480 assert(QEMU_IS_ALIGNED(bytes, sector_size)); 481 482 qemu_iovec_init(&hd_qiov, qiov->niov); 483 484 /* Bounce buffer because we're not permitted to touch 485 * contents of qiov - it points to guest memory. 486 */ 487 cipher_data = 488 qemu_try_blockalign(bs->file->bs, MIN(BLOCK_CRYPTO_MAX_IO_SIZE, 489 qiov->size)); 490 if (cipher_data == NULL) { 491 ret = -ENOMEM; 492 goto cleanup; 493 } 494 495 while (bytes) { 496 cur_bytes = MIN(bytes, BLOCK_CRYPTO_MAX_IO_SIZE); 497 498 qemu_iovec_to_buf(qiov, bytes_done, cipher_data, cur_bytes); 499 500 if (qcrypto_block_encrypt(crypto->block, offset + bytes_done, 501 cipher_data, cur_bytes, NULL) < 0) { 502 ret = -EIO; 503 goto cleanup; 504 } 505 506 qemu_iovec_reset(&hd_qiov); 507 qemu_iovec_add(&hd_qiov, cipher_data, cur_bytes); 508 509 ret = bdrv_co_pwritev(bs->file, payload_offset + offset + bytes_done, 510 cur_bytes, &hd_qiov, flags); 511 if (ret < 0) { 512 goto cleanup; 513 } 514 515 bytes -= cur_bytes; 516 bytes_done += cur_bytes; 517 } 518 519 cleanup: 520 qemu_iovec_destroy(&hd_qiov); 521 qemu_vfree(cipher_data); 522 523 return ret; 524 } 525 526 static void block_crypto_refresh_limits(BlockDriverState *bs, Error **errp) 527 { 528 BlockCrypto *crypto = bs->opaque; 529 uint64_t sector_size = qcrypto_block_get_sector_size(crypto->block); 530 bs->bl.request_alignment = sector_size; /* No sub-sector I/O */ 531 } 532 533 534 static int64_t block_crypto_getlength(BlockDriverState *bs) 535 { 536 BlockCrypto *crypto = bs->opaque; 537 int64_t len = bdrv_getlength(bs->file->bs); 538 539 uint64_t offset = qcrypto_block_get_payload_offset(crypto->block); 540 assert(offset < INT64_MAX); 541 542 if (offset > len) { 543 return -EIO; 544 } 545 546 len -= offset; 547 548 return len; 549 } 550 551 552 static BlockMeasureInfo *block_crypto_measure(QemuOpts *opts, 553 BlockDriverState *in_bs, 554 Error **errp) 555 { 556 g_autoptr(QCryptoBlockCreateOptions) create_opts = NULL; 557 Error *local_err = NULL; 558 BlockMeasureInfo *info; 559 uint64_t size; 560 size_t luks_payload_size; 561 QDict *cryptoopts; 562 563 /* 564 * Preallocation mode doesn't affect size requirements but we must consume 565 * the option. 566 */ 567 g_free(qemu_opt_get_del(opts, BLOCK_OPT_PREALLOC)); 568 569 size = qemu_opt_get_size_del(opts, BLOCK_OPT_SIZE, 0); 570 571 if (in_bs) { 572 int64_t ssize = bdrv_getlength(in_bs); 573 574 if (ssize < 0) { 575 error_setg_errno(&local_err, -ssize, 576 "Unable to get image virtual_size"); 577 goto err; 578 } 579 580 size = ssize; 581 } 582 583 cryptoopts = qemu_opts_to_qdict_filtered(opts, NULL, 584 &block_crypto_create_opts_luks, true); 585 qdict_put_str(cryptoopts, "format", "luks"); 586 create_opts = block_crypto_create_opts_init(cryptoopts, &local_err); 587 qobject_unref(cryptoopts); 588 if (!create_opts) { 589 goto err; 590 } 591 592 if (!qcrypto_block_calculate_payload_offset(create_opts, NULL, 593 &luks_payload_size, 594 &local_err)) { 595 goto err; 596 } 597 598 /* 599 * Unallocated blocks are still encrypted so allocation status makes no 600 * difference to the file size. 601 */ 602 info = g_new0(BlockMeasureInfo, 1); 603 info->fully_allocated = luks_payload_size + size; 604 info->required = luks_payload_size + size; 605 return info; 606 607 err: 608 error_propagate(errp, local_err); 609 return NULL; 610 } 611 612 613 static int block_crypto_probe_luks(const uint8_t *buf, 614 int buf_size, 615 const char *filename) { 616 return block_crypto_probe_generic(Q_CRYPTO_BLOCK_FORMAT_LUKS, 617 buf, buf_size, filename); 618 } 619 620 static int block_crypto_open_luks(BlockDriverState *bs, 621 QDict *options, 622 int flags, 623 Error **errp) 624 { 625 return block_crypto_open_generic(Q_CRYPTO_BLOCK_FORMAT_LUKS, 626 &block_crypto_runtime_opts_luks, 627 bs, options, flags, errp); 628 } 629 630 static int coroutine_fn 631 block_crypto_co_create_luks(BlockdevCreateOptions *create_options, Error **errp) 632 { 633 BlockdevCreateOptionsLUKS *luks_opts; 634 BlockDriverState *bs = NULL; 635 QCryptoBlockCreateOptions create_opts; 636 PreallocMode preallocation = PREALLOC_MODE_OFF; 637 int ret; 638 639 assert(create_options->driver == BLOCKDEV_DRIVER_LUKS); 640 luks_opts = &create_options->u.luks; 641 642 bs = bdrv_open_blockdev_ref(luks_opts->file, errp); 643 if (bs == NULL) { 644 return -EIO; 645 } 646 647 create_opts = (QCryptoBlockCreateOptions) { 648 .format = Q_CRYPTO_BLOCK_FORMAT_LUKS, 649 .u.luks = *qapi_BlockdevCreateOptionsLUKS_base(luks_opts), 650 }; 651 652 if (luks_opts->has_preallocation) { 653 preallocation = luks_opts->preallocation; 654 } 655 656 ret = block_crypto_co_create_generic(bs, luks_opts->size, &create_opts, 657 preallocation, errp); 658 if (ret < 0) { 659 goto fail; 660 } 661 662 ret = 0; 663 fail: 664 bdrv_unref(bs); 665 return ret; 666 } 667 668 static int coroutine_fn block_crypto_co_create_opts_luks(BlockDriver *drv, 669 const char *filename, 670 QemuOpts *opts, 671 Error **errp) 672 { 673 QCryptoBlockCreateOptions *create_opts = NULL; 674 BlockDriverState *bs = NULL; 675 QDict *cryptoopts; 676 PreallocMode prealloc; 677 char *buf = NULL; 678 int64_t size; 679 int ret; 680 Error *local_err = NULL; 681 682 /* Parse options */ 683 size = qemu_opt_get_size_del(opts, BLOCK_OPT_SIZE, 0); 684 685 buf = qemu_opt_get_del(opts, BLOCK_OPT_PREALLOC); 686 prealloc = qapi_enum_parse(&PreallocMode_lookup, buf, 687 PREALLOC_MODE_OFF, &local_err); 688 g_free(buf); 689 if (local_err) { 690 error_propagate(errp, local_err); 691 return -EINVAL; 692 } 693 694 cryptoopts = qemu_opts_to_qdict_filtered(opts, NULL, 695 &block_crypto_create_opts_luks, 696 true); 697 698 qdict_put_str(cryptoopts, "format", "luks"); 699 create_opts = block_crypto_create_opts_init(cryptoopts, errp); 700 if (!create_opts) { 701 ret = -EINVAL; 702 goto fail; 703 } 704 705 /* Create protocol layer */ 706 ret = bdrv_create_file(filename, opts, errp); 707 if (ret < 0) { 708 goto fail; 709 } 710 711 bs = bdrv_open(filename, NULL, NULL, 712 BDRV_O_RDWR | BDRV_O_RESIZE | BDRV_O_PROTOCOL, errp); 713 if (!bs) { 714 ret = -EINVAL; 715 goto fail; 716 } 717 718 /* Create format layer */ 719 ret = block_crypto_co_create_generic(bs, size, create_opts, prealloc, errp); 720 if (ret < 0) { 721 goto fail; 722 } 723 724 ret = 0; 725 fail: 726 /* 727 * If an error occurred, delete 'filename'. Even if the file existed 728 * beforehand, it has been truncated and corrupted in the process. 729 */ 730 if (ret) { 731 bdrv_co_delete_file_noerr(bs); 732 } 733 734 bdrv_unref(bs); 735 qapi_free_QCryptoBlockCreateOptions(create_opts); 736 qobject_unref(cryptoopts); 737 return ret; 738 } 739 740 static int block_crypto_get_info_luks(BlockDriverState *bs, 741 BlockDriverInfo *bdi) 742 { 743 BlockDriverInfo subbdi; 744 int ret; 745 746 ret = bdrv_get_info(bs->file->bs, &subbdi); 747 if (ret != 0) { 748 return ret; 749 } 750 751 bdi->cluster_size = subbdi.cluster_size; 752 753 return 0; 754 } 755 756 static ImageInfoSpecific * 757 block_crypto_get_specific_info_luks(BlockDriverState *bs, Error **errp) 758 { 759 BlockCrypto *crypto = bs->opaque; 760 ImageInfoSpecific *spec_info; 761 QCryptoBlockInfo *info; 762 763 info = qcrypto_block_get_info(crypto->block, errp); 764 if (!info) { 765 return NULL; 766 } 767 assert(info->format == Q_CRYPTO_BLOCK_FORMAT_LUKS); 768 769 spec_info = g_new(ImageInfoSpecific, 1); 770 spec_info->type = IMAGE_INFO_SPECIFIC_KIND_LUKS; 771 spec_info->u.luks.data = g_new(QCryptoBlockInfoLUKS, 1); 772 *spec_info->u.luks.data = info->u.luks; 773 774 /* Blank out pointers we've just stolen to avoid double free */ 775 memset(&info->u.luks, 0, sizeof(info->u.luks)); 776 777 qapi_free_QCryptoBlockInfo(info); 778 779 return spec_info; 780 } 781 782 static int 783 block_crypto_amend_prepare(BlockDriverState *bs, Error **errp) 784 { 785 BlockCrypto *crypto = bs->opaque; 786 int ret; 787 788 /* apply for exclusive read/write permissions to the underlying file */ 789 crypto->updating_keys = true; 790 ret = bdrv_child_refresh_perms(bs, bs->file, errp); 791 if (ret < 0) { 792 /* Well, in this case we will not be updating any keys */ 793 crypto->updating_keys = false; 794 } 795 return ret; 796 } 797 798 static void 799 block_crypto_amend_cleanup(BlockDriverState *bs) 800 { 801 BlockCrypto *crypto = bs->opaque; 802 Error *errp = NULL; 803 804 /* release exclusive read/write permissions to the underlying file */ 805 crypto->updating_keys = false; 806 bdrv_child_refresh_perms(bs, bs->file, &errp); 807 808 if (errp) { 809 error_report_err(errp); 810 } 811 } 812 813 static int 814 block_crypto_amend_options_generic_luks(BlockDriverState *bs, 815 QCryptoBlockAmendOptions *amend_options, 816 bool force, 817 Error **errp) 818 { 819 BlockCrypto *crypto = bs->opaque; 820 821 assert(crypto); 822 assert(crypto->block); 823 824 return qcrypto_block_amend_options(crypto->block, 825 block_crypto_read_func, 826 block_crypto_write_func, 827 bs, 828 amend_options, 829 force, 830 errp); 831 } 832 833 static int 834 block_crypto_amend_options_luks(BlockDriverState *bs, 835 QemuOpts *opts, 836 BlockDriverAmendStatusCB *status_cb, 837 void *cb_opaque, 838 bool force, 839 Error **errp) 840 { 841 BlockCrypto *crypto = bs->opaque; 842 QDict *cryptoopts = NULL; 843 QCryptoBlockAmendOptions *amend_options = NULL; 844 int ret = -EINVAL; 845 846 assert(crypto); 847 assert(crypto->block); 848 849 cryptoopts = qemu_opts_to_qdict(opts, NULL); 850 qdict_put_str(cryptoopts, "format", "luks"); 851 amend_options = block_crypto_amend_opts_init(cryptoopts, errp); 852 qobject_unref(cryptoopts); 853 if (!amend_options) { 854 goto cleanup; 855 } 856 857 ret = block_crypto_amend_prepare(bs, errp); 858 if (ret) { 859 goto perm_cleanup; 860 } 861 ret = block_crypto_amend_options_generic_luks(bs, amend_options, 862 force, errp); 863 864 perm_cleanup: 865 block_crypto_amend_cleanup(bs); 866 cleanup: 867 qapi_free_QCryptoBlockAmendOptions(amend_options); 868 return ret; 869 } 870 871 static int 872 coroutine_fn block_crypto_co_amend_luks(BlockDriverState *bs, 873 BlockdevAmendOptions *opts, 874 bool force, 875 Error **errp) 876 { 877 QCryptoBlockAmendOptions amend_opts; 878 879 amend_opts = (QCryptoBlockAmendOptions) { 880 .format = Q_CRYPTO_BLOCK_FORMAT_LUKS, 881 .u.luks = *qapi_BlockdevAmendOptionsLUKS_base(&opts->u.luks), 882 }; 883 return block_crypto_amend_options_generic_luks(bs, &amend_opts, 884 force, errp); 885 } 886 887 static void 888 block_crypto_child_perms(BlockDriverState *bs, BdrvChild *c, 889 const BdrvChildRole role, 890 BlockReopenQueue *reopen_queue, 891 uint64_t perm, uint64_t shared, 892 uint64_t *nperm, uint64_t *nshared) 893 { 894 895 BlockCrypto *crypto = bs->opaque; 896 897 bdrv_default_perms(bs, c, role, reopen_queue, perm, shared, nperm, nshared); 898 899 /* 900 * For backward compatibility, manually share the write 901 * and resize permission 902 */ 903 *nshared |= shared & (BLK_PERM_WRITE | BLK_PERM_RESIZE); 904 /* 905 * Since we are not fully a format driver, don't always request 906 * the read/resize permission but only when explicitly 907 * requested 908 */ 909 *nperm &= ~(BLK_PERM_WRITE | BLK_PERM_RESIZE); 910 *nperm |= perm & (BLK_PERM_WRITE | BLK_PERM_RESIZE); 911 912 /* 913 * This driver doesn't modify LUKS metadata except 914 * when updating the encryption slots. 915 * Thus unlike a proper format driver we don't ask for 916 * shared write/read permission. However we need it 917 * when we are updating the keys, to ensure that only we 918 * have access to the device. 919 * 920 * Encryption update will set the crypto->updating_keys 921 * during that period and refresh permissions 922 * 923 */ 924 if (crypto->updating_keys) { 925 /* need exclusive write access for header update */ 926 *nperm |= BLK_PERM_WRITE; 927 /* unshare read and write permission */ 928 *nshared &= ~(BLK_PERM_CONSISTENT_READ | BLK_PERM_WRITE); 929 } 930 } 931 932 933 static const char *const block_crypto_strong_runtime_opts[] = { 934 BLOCK_CRYPTO_OPT_LUKS_KEY_SECRET, 935 936 NULL 937 }; 938 939 static BlockDriver bdrv_crypto_luks = { 940 .format_name = "luks", 941 .instance_size = sizeof(BlockCrypto), 942 .bdrv_probe = block_crypto_probe_luks, 943 .bdrv_open = block_crypto_open_luks, 944 .bdrv_close = block_crypto_close, 945 .bdrv_child_perm = block_crypto_child_perms, 946 .bdrv_co_create = block_crypto_co_create_luks, 947 .bdrv_co_create_opts = block_crypto_co_create_opts_luks, 948 .bdrv_co_truncate = block_crypto_co_truncate, 949 .create_opts = &block_crypto_create_opts_luks, 950 .amend_opts = &block_crypto_amend_opts_luks, 951 952 .bdrv_reopen_prepare = block_crypto_reopen_prepare, 953 .bdrv_refresh_limits = block_crypto_refresh_limits, 954 .bdrv_co_preadv = block_crypto_co_preadv, 955 .bdrv_co_pwritev = block_crypto_co_pwritev, 956 .bdrv_getlength = block_crypto_getlength, 957 .bdrv_measure = block_crypto_measure, 958 .bdrv_get_info = block_crypto_get_info_luks, 959 .bdrv_get_specific_info = block_crypto_get_specific_info_luks, 960 .bdrv_amend_options = block_crypto_amend_options_luks, 961 .bdrv_co_amend = block_crypto_co_amend_luks, 962 .bdrv_amend_pre_run = block_crypto_amend_prepare, 963 .bdrv_amend_clean = block_crypto_amend_cleanup, 964 965 .is_format = true, 966 967 .strong_runtime_opts = block_crypto_strong_runtime_opts, 968 }; 969 970 static void block_crypto_init(void) 971 { 972 bdrv_register(&bdrv_crypto_luks); 973 } 974 975 block_init(block_crypto_init);