diff options
author | Maxim Levitsky <mlevitsk@redhat.com> | 2020-06-25 14:55:36 +0200 |
---|---|---|
committer | Max Reitz <mreitz@redhat.com> | 2020-07-06 08:49:28 +0200 |
commit | 43cbd06df2dcdfe236e68351bb3c350e0d1d857a (patch) | |
tree | 64c4ab0ba1a95b19aca9f952f1e29fcd02da0cb5 | |
parent | d2a839ede850bbb23493ac03b1c2477026fe6bc7 (diff) |
qcrypto/core: add generic infrastructure for crypto options amendment
This will be used first to implement luks keyslot management.
block_crypto_amend_opts_init will be used to convert
qemu-img cmdline to QCryptoBlockAmendOptions
Signed-off-by: Maxim Levitsky <mlevitsk@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Message-Id: <20200608094030.670121-2-mlevitsk@redhat.com>
Signed-off-by: Max Reitz <mreitz@redhat.com>
-rw-r--r-- | block/crypto.c | 17 | ||||
-rw-r--r-- | block/crypto.h | 3 | ||||
-rw-r--r-- | crypto/block.c | 29 | ||||
-rw-r--r-- | crypto/blockpriv.h | 8 | ||||
-rw-r--r-- | include/crypto/block.h | 22 | ||||
-rw-r--r-- | qapi/crypto.json | 16 |
6 files changed, 95 insertions, 0 deletions
diff --git a/block/crypto.c b/block/crypto.c index 973b57b3eb..dcf8b42bb2 100644 --- a/block/crypto.c +++ b/block/crypto.c @@ -202,6 +202,23 @@ block_crypto_create_opts_init(QDict *opts, Error **errp) return ret; } +QCryptoBlockAmendOptions * +block_crypto_amend_opts_init(QDict *opts, Error **errp) +{ + Visitor *v; + QCryptoBlockAmendOptions *ret; + + v = qobject_input_visitor_new_flat_confused(opts, errp); + if (!v) { + return NULL; + } + + visit_type_QCryptoBlockAmendOptions(v, NULL, &ret, errp); + + visit_free(v); + return ret; +} + static int block_crypto_open_generic(QCryptoBlockFormat format, QemuOptsList *opts_spec, diff --git a/block/crypto.h b/block/crypto.h index b935695e79..06e044c9be 100644 --- a/block/crypto.h +++ b/block/crypto.h @@ -91,6 +91,9 @@ QCryptoBlockCreateOptions * block_crypto_create_opts_init(QDict *opts, Error **errp); +QCryptoBlockAmendOptions * +block_crypto_amend_opts_init(QDict *opts, Error **errp); + QCryptoBlockOpenOptions * block_crypto_open_opts_init(QDict *opts, Error **errp); diff --git a/crypto/block.c b/crypto/block.c index 6f42b32f1e..eb057948b5 100644 --- a/crypto/block.c +++ b/crypto/block.c @@ -150,6 +150,35 @@ qcrypto_block_calculate_payload_offset(QCryptoBlockCreateOptions *create_opts, return crypto != NULL; } +int qcrypto_block_amend_options(QCryptoBlock *block, + QCryptoBlockReadFunc readfunc, + QCryptoBlockWriteFunc writefunc, + void *opaque, + QCryptoBlockAmendOptions *options, + bool force, + Error **errp) +{ + if (options->format != block->format) { + error_setg(errp, + "Cannot amend encryption format"); + return -1; + } + + if (!block->driver->amend) { + error_setg(errp, + "Crypto format %s doesn't support format options amendment", + QCryptoBlockFormat_str(block->format)); + return -1; + } + + return block->driver->amend(block, + readfunc, + writefunc, + opaque, + options, + force, + errp); +} QCryptoBlockInfo *qcrypto_block_get_info(QCryptoBlock *block, Error **errp) diff --git a/crypto/blockpriv.h b/crypto/blockpriv.h index 71c59cb542..3c7ccea504 100644 --- a/crypto/blockpriv.h +++ b/crypto/blockpriv.h @@ -62,6 +62,14 @@ struct QCryptoBlockDriver { void *opaque, Error **errp); + int (*amend)(QCryptoBlock *block, + QCryptoBlockReadFunc readfunc, + QCryptoBlockWriteFunc writefunc, + void *opaque, + QCryptoBlockAmendOptions *options, + bool force, + Error **errp); + int (*get_info)(QCryptoBlock *block, QCryptoBlockInfo *info, Error **errp); diff --git a/include/crypto/block.h b/include/crypto/block.h index c77ccaf9c0..d274819791 100644 --- a/include/crypto/block.h +++ b/include/crypto/block.h @@ -144,6 +144,28 @@ QCryptoBlock *qcrypto_block_create(QCryptoBlockCreateOptions *options, void *opaque, Error **errp); +/** + * qcrypto_block_amend_options: + * @block: the block encryption object + * + * @readfunc: callback for reading data from the volume header + * @writefunc: callback for writing data to the volume header + * @opaque: data to pass to @readfunc and @writefunc + * @options: the new/amended encryption options + * @force: hint for the driver to allow unsafe operation + * @errp: error pointer + * + * Changes the crypto options of the encryption format + * + */ +int qcrypto_block_amend_options(QCryptoBlock *block, + QCryptoBlockReadFunc readfunc, + QCryptoBlockWriteFunc writefunc, + void *opaque, + QCryptoBlockAmendOptions *options, + bool force, + Error **errp); + /** * qcrypto_block_calculate_payload_offset: diff --git a/qapi/crypto.json b/qapi/crypto.json index b2a4cff683..aeb6c7ef7b 100644 --- a/qapi/crypto.json +++ b/qapi/crypto.json @@ -309,3 +309,19 @@ 'base': 'QCryptoBlockInfoBase', 'discriminator': 'format', 'data': { 'luks': 'QCryptoBlockInfoLUKS' } } + + + +## +# @QCryptoBlockAmendOptions: +# +# The options that are available for all encryption formats +# when amending encryption settings +# +# Since: 5.1 +## +{ 'union': 'QCryptoBlockAmendOptions', + 'base': 'QCryptoBlockOptionsBase', + 'discriminator': 'format', + 'data': { + } } |