a092c513db
QAPI's 'prefix' feature can make the connection between enumeration type and its constants less than obvious. It's best used with restraint. QCryptoCipherAlgorithm has a 'prefix' that overrides the generated enumeration constants' prefix to QCRYPTO_CIPHER_ALG. We could simply drop 'prefix', but then the prefix becomes QCRYPTO_CIPHER_ALGORITHM, which is rather long. We could additionally rename the type to QCryptoCipherAlg, but I think the abbreviation "alg" is less than clear. Rename the type to QCryptoCipherAlgo instead. The prefix becomes QCRYPTO_CIPHER_ALGO. Signed-off-by: Markus Armbruster <armbru@redhat.com> Acked-by: Daniel P. Berrangé <berrange@redhat.com> Message-ID: <20240904111836.3273842-13-armbru@redhat.com>
500 lines
15 KiB
C
500 lines
15 KiB
C
/*
|
|
* QEMU Crypto block device encryption
|
|
*
|
|
* Copyright (c) 2015-2016 Red Hat, Inc.
|
|
*
|
|
* This library is free software; you can redistribute it and/or
|
|
* modify it under the terms of the GNU Lesser General Public
|
|
* License as published by the Free Software Foundation; either
|
|
* version 2.1 of the License, or (at your option) any later version.
|
|
*
|
|
* This library is distributed in the hope that it will be useful,
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
|
* Lesser General Public License for more details.
|
|
*
|
|
* You should have received a copy of the GNU Lesser General Public
|
|
* License along with this library; if not, see <http://www.gnu.org/licenses/>.
|
|
*
|
|
*/
|
|
|
|
#include "qemu/osdep.h"
|
|
#include "qapi/error.h"
|
|
#include "qemu/lockable.h"
|
|
#include "blockpriv.h"
|
|
#include "block-qcow.h"
|
|
#include "block-luks.h"
|
|
|
|
static const QCryptoBlockDriver *qcrypto_block_drivers[] = {
|
|
[QCRYPTO_BLOCK_FORMAT_QCOW] = &qcrypto_block_driver_qcow,
|
|
[QCRYPTO_BLOCK_FORMAT_LUKS] = &qcrypto_block_driver_luks,
|
|
};
|
|
|
|
|
|
bool qcrypto_block_has_format(QCryptoBlockFormat format,
|
|
const uint8_t *buf,
|
|
size_t len)
|
|
{
|
|
const QCryptoBlockDriver *driver;
|
|
|
|
if (format >= G_N_ELEMENTS(qcrypto_block_drivers) ||
|
|
!qcrypto_block_drivers[format]) {
|
|
return false;
|
|
}
|
|
|
|
driver = qcrypto_block_drivers[format];
|
|
|
|
return driver->has_format(buf, len);
|
|
}
|
|
|
|
|
|
QCryptoBlock *qcrypto_block_open(QCryptoBlockOpenOptions *options,
|
|
const char *optprefix,
|
|
QCryptoBlockReadFunc readfunc,
|
|
void *opaque,
|
|
unsigned int flags,
|
|
Error **errp)
|
|
{
|
|
QCryptoBlock *block = g_new0(QCryptoBlock, 1);
|
|
|
|
qemu_mutex_init(&block->mutex);
|
|
|
|
block->format = options->format;
|
|
|
|
if (options->format >= G_N_ELEMENTS(qcrypto_block_drivers) ||
|
|
!qcrypto_block_drivers[options->format]) {
|
|
error_setg(errp, "Unsupported block driver %s",
|
|
QCryptoBlockFormat_str(options->format));
|
|
g_free(block);
|
|
return NULL;
|
|
}
|
|
|
|
block->driver = qcrypto_block_drivers[options->format];
|
|
|
|
if (block->driver->open(block, options, optprefix,
|
|
readfunc, opaque, flags, errp) < 0)
|
|
{
|
|
g_free(block);
|
|
return NULL;
|
|
}
|
|
|
|
return block;
|
|
}
|
|
|
|
|
|
QCryptoBlock *qcrypto_block_create(QCryptoBlockCreateOptions *options,
|
|
const char *optprefix,
|
|
QCryptoBlockInitFunc initfunc,
|
|
QCryptoBlockWriteFunc writefunc,
|
|
void *opaque,
|
|
unsigned int flags,
|
|
Error **errp)
|
|
{
|
|
QCryptoBlock *block = g_new0(QCryptoBlock, 1);
|
|
|
|
qemu_mutex_init(&block->mutex);
|
|
|
|
block->format = options->format;
|
|
|
|
if (options->format >= G_N_ELEMENTS(qcrypto_block_drivers) ||
|
|
!qcrypto_block_drivers[options->format]) {
|
|
error_setg(errp, "Unsupported block driver %s",
|
|
QCryptoBlockFormat_str(options->format));
|
|
g_free(block);
|
|
return NULL;
|
|
}
|
|
|
|
block->driver = qcrypto_block_drivers[options->format];
|
|
block->detached_header = flags & QCRYPTO_BLOCK_CREATE_DETACHED;
|
|
|
|
if (block->driver->create(block, options, optprefix, initfunc,
|
|
writefunc, opaque, errp) < 0) {
|
|
g_free(block);
|
|
return NULL;
|
|
}
|
|
|
|
return block;
|
|
}
|
|
|
|
|
|
static int qcrypto_block_headerlen_hdr_init_func(QCryptoBlock *block,
|
|
size_t headerlen, void *opaque, Error **errp)
|
|
{
|
|
size_t *headerlenp = opaque;
|
|
|
|
/* Stash away the payload size */
|
|
*headerlenp = headerlen;
|
|
return 0;
|
|
}
|
|
|
|
|
|
static int qcrypto_block_headerlen_hdr_write_func(QCryptoBlock *block,
|
|
size_t offset, const uint8_t *buf, size_t buflen,
|
|
void *opaque, Error **errp)
|
|
{
|
|
/* Discard the bytes, we're not actually writing to an image */
|
|
return 0;
|
|
}
|
|
|
|
|
|
bool
|
|
qcrypto_block_calculate_payload_offset(QCryptoBlockCreateOptions *create_opts,
|
|
const char *optprefix,
|
|
size_t *len,
|
|
Error **errp)
|
|
{
|
|
/* Fake LUKS creation in order to determine the payload size */
|
|
g_autoptr(QCryptoBlock) crypto =
|
|
qcrypto_block_create(create_opts, optprefix,
|
|
qcrypto_block_headerlen_hdr_init_func,
|
|
qcrypto_block_headerlen_hdr_write_func,
|
|
len, 0, errp);
|
|
return crypto != NULL;
|
|
}
|
|
|
|
int qcrypto_block_amend_options(QCryptoBlock *block,
|
|
QCryptoBlockReadFunc readfunc,
|
|
QCryptoBlockWriteFunc writefunc,
|
|
void *opaque,
|
|
QCryptoBlockAmendOptions *options,
|
|
bool force,
|
|
Error **errp)
|
|
{
|
|
if (options->format != block->format) {
|
|
error_setg(errp,
|
|
"Cannot amend encryption format");
|
|
return -1;
|
|
}
|
|
|
|
if (!block->driver->amend) {
|
|
error_setg(errp,
|
|
"Crypto format %s doesn't support format options amendment",
|
|
QCryptoBlockFormat_str(block->format));
|
|
return -1;
|
|
}
|
|
|
|
return block->driver->amend(block,
|
|
readfunc,
|
|
writefunc,
|
|
opaque,
|
|
options,
|
|
force,
|
|
errp);
|
|
}
|
|
|
|
QCryptoBlockInfo *qcrypto_block_get_info(QCryptoBlock *block,
|
|
Error **errp)
|
|
{
|
|
QCryptoBlockInfo *info = g_new0(QCryptoBlockInfo, 1);
|
|
|
|
info->format = block->format;
|
|
|
|
if (block->driver->get_info &&
|
|
block->driver->get_info(block, info, errp) < 0) {
|
|
g_free(info);
|
|
return NULL;
|
|
}
|
|
|
|
return info;
|
|
}
|
|
|
|
|
|
int qcrypto_block_decrypt(QCryptoBlock *block,
|
|
uint64_t offset,
|
|
uint8_t *buf,
|
|
size_t len,
|
|
Error **errp)
|
|
{
|
|
return block->driver->decrypt(block, offset, buf, len, errp);
|
|
}
|
|
|
|
|
|
int qcrypto_block_encrypt(QCryptoBlock *block,
|
|
uint64_t offset,
|
|
uint8_t *buf,
|
|
size_t len,
|
|
Error **errp)
|
|
{
|
|
return block->driver->encrypt(block, offset, buf, len, errp);
|
|
}
|
|
|
|
|
|
QCryptoCipher *qcrypto_block_get_cipher(QCryptoBlock *block)
|
|
{
|
|
/* Ciphers should be accessed through pop/push method to be thread-safe.
|
|
* Better, they should not be accessed externally at all (note, that
|
|
* pop/push are static functions)
|
|
* This function is used only in test with one thread (it's safe to skip
|
|
* pop/push interface), so it's enough to assert it here:
|
|
*/
|
|
assert(block->max_free_ciphers <= 1);
|
|
return block->free_ciphers ? block->free_ciphers[0] : NULL;
|
|
}
|
|
|
|
|
|
static QCryptoCipher *qcrypto_block_pop_cipher(QCryptoBlock *block,
|
|
Error **errp)
|
|
{
|
|
/* Usually there is a free cipher available */
|
|
WITH_QEMU_LOCK_GUARD(&block->mutex) {
|
|
if (block->n_free_ciphers > 0) {
|
|
block->n_free_ciphers--;
|
|
return block->free_ciphers[block->n_free_ciphers];
|
|
}
|
|
}
|
|
|
|
/* Otherwise allocate a new cipher */
|
|
return qcrypto_cipher_new(block->alg, block->mode, block->key,
|
|
block->nkey, errp);
|
|
}
|
|
|
|
|
|
static void qcrypto_block_push_cipher(QCryptoBlock *block,
|
|
QCryptoCipher *cipher)
|
|
{
|
|
QEMU_LOCK_GUARD(&block->mutex);
|
|
|
|
if (block->n_free_ciphers == block->max_free_ciphers) {
|
|
block->max_free_ciphers++;
|
|
block->free_ciphers = g_renew(QCryptoCipher *,
|
|
block->free_ciphers,
|
|
block->max_free_ciphers);
|
|
}
|
|
|
|
block->free_ciphers[block->n_free_ciphers] = cipher;
|
|
block->n_free_ciphers++;
|
|
}
|
|
|
|
|
|
int qcrypto_block_init_cipher(QCryptoBlock *block,
|
|
QCryptoCipherAlgo alg,
|
|
QCryptoCipherMode mode,
|
|
const uint8_t *key, size_t nkey,
|
|
Error **errp)
|
|
{
|
|
QCryptoCipher *cipher;
|
|
|
|
assert(!block->free_ciphers && !block->max_free_ciphers &&
|
|
!block->n_free_ciphers);
|
|
|
|
/* Stash away cipher parameters for qcrypto_block_pop_cipher() */
|
|
block->alg = alg;
|
|
block->mode = mode;
|
|
block->key = g_memdup2(key, nkey);
|
|
block->nkey = nkey;
|
|
|
|
/*
|
|
* Create a new cipher to validate the parameters now. This reduces the
|
|
* chance of cipher creation failing at I/O time.
|
|
*/
|
|
cipher = qcrypto_block_pop_cipher(block, errp);
|
|
if (!cipher) {
|
|
g_free(block->key);
|
|
block->key = NULL;
|
|
return -1;
|
|
}
|
|
|
|
qcrypto_block_push_cipher(block, cipher);
|
|
return 0;
|
|
}
|
|
|
|
|
|
void qcrypto_block_free_cipher(QCryptoBlock *block)
|
|
{
|
|
size_t i;
|
|
|
|
g_free(block->key);
|
|
block->key = NULL;
|
|
|
|
if (!block->free_ciphers) {
|
|
return;
|
|
}
|
|
|
|
/* All popped ciphers were eventually pushed back */
|
|
assert(block->n_free_ciphers == block->max_free_ciphers);
|
|
|
|
for (i = 0; i < block->max_free_ciphers; i++) {
|
|
qcrypto_cipher_free(block->free_ciphers[i]);
|
|
}
|
|
|
|
g_free(block->free_ciphers);
|
|
block->free_ciphers = NULL;
|
|
block->max_free_ciphers = block->n_free_ciphers = 0;
|
|
}
|
|
|
|
QCryptoIVGen *qcrypto_block_get_ivgen(QCryptoBlock *block)
|
|
{
|
|
/* ivgen should be accessed under mutex. However, this function is used only
|
|
* in test with one thread, so it's enough to assert it here:
|
|
*/
|
|
assert(block->max_free_ciphers <= 1);
|
|
return block->ivgen;
|
|
}
|
|
|
|
|
|
QCryptoHashAlgo qcrypto_block_get_kdf_hash(QCryptoBlock *block)
|
|
{
|
|
return block->kdfhash;
|
|
}
|
|
|
|
|
|
uint64_t qcrypto_block_get_payload_offset(QCryptoBlock *block)
|
|
{
|
|
return block->payload_offset;
|
|
}
|
|
|
|
|
|
uint64_t qcrypto_block_get_sector_size(QCryptoBlock *block)
|
|
{
|
|
return block->sector_size;
|
|
}
|
|
|
|
|
|
void qcrypto_block_free(QCryptoBlock *block)
|
|
{
|
|
if (!block) {
|
|
return;
|
|
}
|
|
|
|
block->driver->cleanup(block);
|
|
|
|
qcrypto_block_free_cipher(block);
|
|
qcrypto_ivgen_free(block->ivgen);
|
|
qemu_mutex_destroy(&block->mutex);
|
|
g_free(block);
|
|
}
|
|
|
|
|
|
typedef int (*QCryptoCipherEncDecFunc)(QCryptoCipher *cipher,
|
|
const void *in,
|
|
void *out,
|
|
size_t len,
|
|
Error **errp);
|
|
|
|
static int do_qcrypto_block_cipher_encdec(QCryptoCipher *cipher,
|
|
size_t niv,
|
|
QCryptoIVGen *ivgen,
|
|
QemuMutex *ivgen_mutex,
|
|
int sectorsize,
|
|
uint64_t offset,
|
|
uint8_t *buf,
|
|
size_t len,
|
|
QCryptoCipherEncDecFunc func,
|
|
Error **errp)
|
|
{
|
|
g_autofree uint8_t *iv = niv ? g_new0(uint8_t, niv) : NULL;
|
|
int ret = -1;
|
|
uint64_t startsector = offset / sectorsize;
|
|
|
|
assert(QEMU_IS_ALIGNED(offset, sectorsize));
|
|
assert(QEMU_IS_ALIGNED(len, sectorsize));
|
|
|
|
while (len > 0) {
|
|
size_t nbytes;
|
|
if (niv) {
|
|
if (ivgen_mutex) {
|
|
qemu_mutex_lock(ivgen_mutex);
|
|
}
|
|
ret = qcrypto_ivgen_calculate(ivgen, startsector, iv, niv, errp);
|
|
if (ivgen_mutex) {
|
|
qemu_mutex_unlock(ivgen_mutex);
|
|
}
|
|
|
|
if (ret < 0) {
|
|
return -1;
|
|
}
|
|
|
|
if (qcrypto_cipher_setiv(cipher,
|
|
iv, niv,
|
|
errp) < 0) {
|
|
return -1;
|
|
}
|
|
}
|
|
|
|
nbytes = len > sectorsize ? sectorsize : len;
|
|
if (func(cipher, buf, buf, nbytes, errp) < 0) {
|
|
return -1;
|
|
}
|
|
|
|
startsector++;
|
|
buf += nbytes;
|
|
len -= nbytes;
|
|
}
|
|
|
|
return 0;
|
|
}
|
|
|
|
|
|
int qcrypto_block_cipher_decrypt_helper(QCryptoCipher *cipher,
|
|
size_t niv,
|
|
QCryptoIVGen *ivgen,
|
|
int sectorsize,
|
|
uint64_t offset,
|
|
uint8_t *buf,
|
|
size_t len,
|
|
Error **errp)
|
|
{
|
|
return do_qcrypto_block_cipher_encdec(cipher, niv, ivgen, NULL, sectorsize,
|
|
offset, buf, len,
|
|
qcrypto_cipher_decrypt, errp);
|
|
}
|
|
|
|
|
|
int qcrypto_block_cipher_encrypt_helper(QCryptoCipher *cipher,
|
|
size_t niv,
|
|
QCryptoIVGen *ivgen,
|
|
int sectorsize,
|
|
uint64_t offset,
|
|
uint8_t *buf,
|
|
size_t len,
|
|
Error **errp)
|
|
{
|
|
return do_qcrypto_block_cipher_encdec(cipher, niv, ivgen, NULL, sectorsize,
|
|
offset, buf, len,
|
|
qcrypto_cipher_encrypt, errp);
|
|
}
|
|
|
|
int qcrypto_block_decrypt_helper(QCryptoBlock *block,
|
|
int sectorsize,
|
|
uint64_t offset,
|
|
uint8_t *buf,
|
|
size_t len,
|
|
Error **errp)
|
|
{
|
|
int ret;
|
|
QCryptoCipher *cipher = qcrypto_block_pop_cipher(block, errp);
|
|
if (!cipher) {
|
|
return -1;
|
|
}
|
|
|
|
ret = do_qcrypto_block_cipher_encdec(cipher, block->niv, block->ivgen,
|
|
&block->mutex, sectorsize, offset, buf,
|
|
len, qcrypto_cipher_decrypt, errp);
|
|
|
|
qcrypto_block_push_cipher(block, cipher);
|
|
|
|
return ret;
|
|
}
|
|
|
|
int qcrypto_block_encrypt_helper(QCryptoBlock *block,
|
|
int sectorsize,
|
|
uint64_t offset,
|
|
uint8_t *buf,
|
|
size_t len,
|
|
Error **errp)
|
|
{
|
|
int ret;
|
|
QCryptoCipher *cipher = qcrypto_block_pop_cipher(block, errp);
|
|
if (!cipher) {
|
|
return -1;
|
|
}
|
|
|
|
ret = do_qcrypto_block_cipher_encdec(cipher, block->niv, block->ivgen,
|
|
&block->mutex, sectorsize, offset, buf,
|
|
len, qcrypto_cipher_encrypt, errp);
|
|
|
|
qcrypto_block_push_cipher(block, cipher);
|
|
|
|
return ret;
|
|
}
|