2015-10-24 12:44:13 +02:00
|
|
|
/*
|
|
|
|
* QEMU Crypto block device encryption
|
|
|
|
*
|
|
|
|
* Copyright (c) 2015-2016 Red Hat, Inc.
|
|
|
|
*
|
|
|
|
* This library is free software; you can redistribute it and/or
|
|
|
|
* modify it under the terms of the GNU Lesser General Public
|
|
|
|
* License as published by the Free Software Foundation; either
|
2019-02-13 16:54:59 +01:00
|
|
|
* version 2.1 of the License, or (at your option) any later version.
|
2015-10-24 12:44:13 +02:00
|
|
|
*
|
|
|
|
* This library is distributed in the hope that it will be useful,
|
|
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
|
|
|
* Lesser General Public License for more details.
|
|
|
|
*
|
|
|
|
* You should have received a copy of the GNU Lesser General Public
|
|
|
|
* License along with this library; if not, see <http://www.gnu.org/licenses/>.
|
|
|
|
*
|
|
|
|
*/
|
|
|
|
|
|
|
|
#include "qemu/osdep.h"
|
include/qemu/osdep.h: Don't include qapi/error.h
Commit 57cb38b included qapi/error.h into qemu/osdep.h to get the
Error typedef. Since then, we've moved to include qemu/osdep.h
everywhere. Its file comment explains: "To avoid getting into
possible circular include dependencies, this file should not include
any other QEMU headers, with the exceptions of config-host.h,
compiler.h, os-posix.h and os-win32.h, all of which are doing a
similar job to this file and are under similar constraints."
qapi/error.h doesn't do a similar job, and it doesn't adhere to
similar constraints: it includes qapi-types.h. That's in excess of
100KiB of crap most .c files don't actually need.
Add the typedef to qemu/typedefs.h, and include that instead of
qapi/error.h. Include qapi/error.h in .c files that need it and don't
get it now. Include qapi-types.h in qom/object.h for uint16List.
Update scripts/clean-includes accordingly. Update it further to match
reality: replace config.h by config-target.h, add sysemu/os-posix.h,
sysemu/os-win32.h. Update the list of includes in the qemu/osdep.h
comment quoted above similarly.
This reduces the number of objects depending on qapi/error.h from "all
of them" to less than a third. Unfortunately, the number depending on
qapi-types.h shrinks only a little. More work is needed for that one.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
[Fix compilation without the spice devel packages. - Paolo]
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2016-03-14 09:01:28 +01:00
|
|
|
#include "qapi/error.h"
|
2018-05-03 21:50:23 +02:00
|
|
|
#include "blockpriv.h"
|
|
|
|
#include "block-qcow.h"
|
|
|
|
#include "block-luks.h"
|
2015-10-24 12:44:13 +02:00
|
|
|
|
|
|
|
static const QCryptoBlockDriver *qcrypto_block_drivers[] = {
|
|
|
|
[Q_CRYPTO_BLOCK_FORMAT_QCOW] = &qcrypto_block_driver_qcow,
|
2015-10-24 12:55:48 +02:00
|
|
|
[Q_CRYPTO_BLOCK_FORMAT_LUKS] = &qcrypto_block_driver_luks,
|
2015-10-24 12:44:13 +02:00
|
|
|
};
|
|
|
|
|
|
|
|
|
|
|
|
bool qcrypto_block_has_format(QCryptoBlockFormat format,
|
|
|
|
const uint8_t *buf,
|
|
|
|
size_t len)
|
|
|
|
{
|
|
|
|
const QCryptoBlockDriver *driver;
|
|
|
|
|
|
|
|
if (format >= G_N_ELEMENTS(qcrypto_block_drivers) ||
|
|
|
|
!qcrypto_block_drivers[format]) {
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
|
|
|
|
driver = qcrypto_block_drivers[format];
|
|
|
|
|
|
|
|
return driver->has_format(buf, len);
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
QCryptoBlock *qcrypto_block_open(QCryptoBlockOpenOptions *options,
|
2017-06-23 18:24:17 +02:00
|
|
|
const char *optprefix,
|
2015-10-24 12:44:13 +02:00
|
|
|
QCryptoBlockReadFunc readfunc,
|
|
|
|
void *opaque,
|
|
|
|
unsigned int flags,
|
2018-12-07 17:13:51 +01:00
|
|
|
size_t n_threads,
|
2015-10-24 12:44:13 +02:00
|
|
|
Error **errp)
|
|
|
|
{
|
|
|
|
QCryptoBlock *block = g_new0(QCryptoBlock, 1);
|
|
|
|
|
|
|
|
block->format = options->format;
|
|
|
|
|
|
|
|
if (options->format >= G_N_ELEMENTS(qcrypto_block_drivers) ||
|
|
|
|
!qcrypto_block_drivers[options->format]) {
|
2016-09-05 19:02:05 +02:00
|
|
|
error_setg(errp, "Unsupported block driver %s",
|
2017-08-24 10:46:08 +02:00
|
|
|
QCryptoBlockFormat_str(options->format));
|
2015-10-24 12:44:13 +02:00
|
|
|
g_free(block);
|
|
|
|
return NULL;
|
|
|
|
}
|
|
|
|
|
|
|
|
block->driver = qcrypto_block_drivers[options->format];
|
|
|
|
|
2017-06-23 18:24:17 +02:00
|
|
|
if (block->driver->open(block, options, optprefix,
|
2018-12-07 17:13:51 +01:00
|
|
|
readfunc, opaque, flags, n_threads, errp) < 0)
|
|
|
|
{
|
2015-10-24 12:44:13 +02:00
|
|
|
g_free(block);
|
|
|
|
return NULL;
|
|
|
|
}
|
|
|
|
|
2018-12-07 17:13:51 +01:00
|
|
|
qemu_mutex_init(&block->mutex);
|
|
|
|
|
2015-10-24 12:44:13 +02:00
|
|
|
return block;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
QCryptoBlock *qcrypto_block_create(QCryptoBlockCreateOptions *options,
|
2017-06-23 18:24:17 +02:00
|
|
|
const char *optprefix,
|
2015-10-24 12:44:13 +02:00
|
|
|
QCryptoBlockInitFunc initfunc,
|
|
|
|
QCryptoBlockWriteFunc writefunc,
|
|
|
|
void *opaque,
|
|
|
|
Error **errp)
|
|
|
|
{
|
|
|
|
QCryptoBlock *block = g_new0(QCryptoBlock, 1);
|
|
|
|
|
|
|
|
block->format = options->format;
|
|
|
|
|
|
|
|
if (options->format >= G_N_ELEMENTS(qcrypto_block_drivers) ||
|
|
|
|
!qcrypto_block_drivers[options->format]) {
|
2016-09-05 19:02:05 +02:00
|
|
|
error_setg(errp, "Unsupported block driver %s",
|
2017-08-24 10:46:08 +02:00
|
|
|
QCryptoBlockFormat_str(options->format));
|
2015-10-24 12:44:13 +02:00
|
|
|
g_free(block);
|
|
|
|
return NULL;
|
|
|
|
}
|
|
|
|
|
|
|
|
block->driver = qcrypto_block_drivers[options->format];
|
|
|
|
|
2017-06-23 18:24:17 +02:00
|
|
|
if (block->driver->create(block, options, optprefix, initfunc,
|
2015-10-24 12:44:13 +02:00
|
|
|
writefunc, opaque, errp) < 0) {
|
|
|
|
g_free(block);
|
|
|
|
return NULL;
|
|
|
|
}
|
|
|
|
|
2018-12-07 17:13:51 +01:00
|
|
|
qemu_mutex_init(&block->mutex);
|
|
|
|
|
2015-10-24 12:44:13 +02:00
|
|
|
return block;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
2016-07-22 14:53:34 +02:00
|
|
|
QCryptoBlockInfo *qcrypto_block_get_info(QCryptoBlock *block,
|
|
|
|
Error **errp)
|
|
|
|
{
|
|
|
|
QCryptoBlockInfo *info = g_new0(QCryptoBlockInfo, 1);
|
|
|
|
|
|
|
|
info->format = block->format;
|
|
|
|
|
|
|
|
if (block->driver->get_info &&
|
|
|
|
block->driver->get_info(block, info, errp) < 0) {
|
|
|
|
g_free(info);
|
|
|
|
return NULL;
|
|
|
|
}
|
|
|
|
|
|
|
|
return info;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
2015-10-24 12:44:13 +02:00
|
|
|
int qcrypto_block_decrypt(QCryptoBlock *block,
|
2017-09-27 14:53:39 +02:00
|
|
|
uint64_t offset,
|
2015-10-24 12:44:13 +02:00
|
|
|
uint8_t *buf,
|
|
|
|
size_t len,
|
|
|
|
Error **errp)
|
|
|
|
{
|
2017-09-27 14:53:39 +02:00
|
|
|
return block->driver->decrypt(block, offset, buf, len, errp);
|
2015-10-24 12:44:13 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
int qcrypto_block_encrypt(QCryptoBlock *block,
|
2017-09-27 14:53:39 +02:00
|
|
|
uint64_t offset,
|
2015-10-24 12:44:13 +02:00
|
|
|
uint8_t *buf,
|
|
|
|
size_t len,
|
|
|
|
Error **errp)
|
|
|
|
{
|
2017-09-27 14:53:39 +02:00
|
|
|
return block->driver->encrypt(block, offset, buf, len, errp);
|
2015-10-24 12:44:13 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
QCryptoCipher *qcrypto_block_get_cipher(QCryptoBlock *block)
|
|
|
|
{
|
2018-12-07 17:13:51 +01:00
|
|
|
/* Ciphers should be accessed through pop/push method to be thread-safe.
|
|
|
|
* Better, they should not be accessed externally at all (note, that
|
|
|
|
* pop/push are static functions)
|
|
|
|
* This function is used only in test with one thread (it's safe to skip
|
|
|
|
* pop/push interface), so it's enough to assert it here:
|
|
|
|
*/
|
|
|
|
assert(block->n_ciphers <= 1);
|
|
|
|
return block->ciphers ? block->ciphers[0] : NULL;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
static QCryptoCipher *qcrypto_block_pop_cipher(QCryptoBlock *block)
|
|
|
|
{
|
|
|
|
QCryptoCipher *cipher;
|
|
|
|
|
|
|
|
qemu_mutex_lock(&block->mutex);
|
|
|
|
|
|
|
|
assert(block->n_free_ciphers > 0);
|
|
|
|
block->n_free_ciphers--;
|
|
|
|
cipher = block->ciphers[block->n_free_ciphers];
|
|
|
|
|
|
|
|
qemu_mutex_unlock(&block->mutex);
|
|
|
|
|
|
|
|
return cipher;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
static void qcrypto_block_push_cipher(QCryptoBlock *block,
|
|
|
|
QCryptoCipher *cipher)
|
|
|
|
{
|
|
|
|
qemu_mutex_lock(&block->mutex);
|
|
|
|
|
|
|
|
assert(block->n_free_ciphers < block->n_ciphers);
|
|
|
|
block->ciphers[block->n_free_ciphers] = cipher;
|
|
|
|
block->n_free_ciphers++;
|
|
|
|
|
|
|
|
qemu_mutex_unlock(&block->mutex);
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
int qcrypto_block_init_cipher(QCryptoBlock *block,
|
|
|
|
QCryptoCipherAlgorithm alg,
|
|
|
|
QCryptoCipherMode mode,
|
|
|
|
const uint8_t *key, size_t nkey,
|
|
|
|
size_t n_threads, Error **errp)
|
|
|
|
{
|
|
|
|
size_t i;
|
|
|
|
|
|
|
|
assert(!block->ciphers && !block->n_ciphers && !block->n_free_ciphers);
|
|
|
|
|
|
|
|
block->ciphers = g_new0(QCryptoCipher *, n_threads);
|
|
|
|
|
|
|
|
for (i = 0; i < n_threads; i++) {
|
|
|
|
block->ciphers[i] = qcrypto_cipher_new(alg, mode, key, nkey, errp);
|
|
|
|
if (!block->ciphers[i]) {
|
|
|
|
qcrypto_block_free_cipher(block);
|
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
block->n_ciphers++;
|
|
|
|
block->n_free_ciphers++;
|
|
|
|
}
|
|
|
|
|
|
|
|
return 0;
|
2015-10-24 12:44:13 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
|
2018-12-07 17:13:51 +01:00
|
|
|
void qcrypto_block_free_cipher(QCryptoBlock *block)
|
|
|
|
{
|
|
|
|
size_t i;
|
|
|
|
|
|
|
|
if (!block->ciphers) {
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
|
|
|
assert(block->n_ciphers == block->n_free_ciphers);
|
|
|
|
|
|
|
|
for (i = 0; i < block->n_ciphers; i++) {
|
|
|
|
qcrypto_cipher_free(block->ciphers[i]);
|
|
|
|
}
|
|
|
|
|
|
|
|
g_free(block->ciphers);
|
|
|
|
block->ciphers = NULL;
|
|
|
|
block->n_ciphers = block->n_free_ciphers = 0;
|
|
|
|
}
|
|
|
|
|
2015-10-24 12:44:13 +02:00
|
|
|
QCryptoIVGen *qcrypto_block_get_ivgen(QCryptoBlock *block)
|
|
|
|
{
|
2018-12-07 17:13:51 +01:00
|
|
|
/* ivgen should be accessed under mutex. However, this function is used only
|
|
|
|
* in test with one thread, so it's enough to assert it here:
|
|
|
|
*/
|
|
|
|
assert(block->n_ciphers <= 1);
|
2015-10-24 12:44:13 +02:00
|
|
|
return block->ivgen;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
QCryptoHashAlgorithm qcrypto_block_get_kdf_hash(QCryptoBlock *block)
|
|
|
|
{
|
|
|
|
return block->kdfhash;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
uint64_t qcrypto_block_get_payload_offset(QCryptoBlock *block)
|
|
|
|
{
|
|
|
|
return block->payload_offset;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
2017-09-27 14:53:36 +02:00
|
|
|
uint64_t qcrypto_block_get_sector_size(QCryptoBlock *block)
|
|
|
|
{
|
|
|
|
return block->sector_size;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
2015-10-24 12:44:13 +02:00
|
|
|
void qcrypto_block_free(QCryptoBlock *block)
|
|
|
|
{
|
|
|
|
if (!block) {
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
|
|
|
block->driver->cleanup(block);
|
|
|
|
|
2018-12-07 17:13:51 +01:00
|
|
|
qcrypto_block_free_cipher(block);
|
2015-10-24 12:44:13 +02:00
|
|
|
qcrypto_ivgen_free(block->ivgen);
|
2018-12-07 17:13:51 +01:00
|
|
|
qemu_mutex_destroy(&block->mutex);
|
2015-10-24 12:44:13 +02:00
|
|
|
g_free(block);
|
|
|
|
}
|
|
|
|
|
|
|
|
|
2018-12-07 17:13:48 +01:00
|
|
|
typedef int (*QCryptoCipherEncDecFunc)(QCryptoCipher *cipher,
|
2018-12-07 17:13:49 +01:00
|
|
|
const void *in,
|
|
|
|
void *out,
|
|
|
|
size_t len,
|
|
|
|
Error **errp);
|
|
|
|
|
|
|
|
static int do_qcrypto_block_cipher_encdec(QCryptoCipher *cipher,
|
|
|
|
size_t niv,
|
|
|
|
QCryptoIVGen *ivgen,
|
2018-12-07 17:13:51 +01:00
|
|
|
QemuMutex *ivgen_mutex,
|
2018-12-07 17:13:49 +01:00
|
|
|
int sectorsize,
|
|
|
|
uint64_t offset,
|
|
|
|
uint8_t *buf,
|
|
|
|
size_t len,
|
|
|
|
QCryptoCipherEncDecFunc func,
|
|
|
|
Error **errp)
|
2015-10-24 12:44:13 +02:00
|
|
|
{
|
2019-07-23 17:22:36 +02:00
|
|
|
g_autofree uint8_t *iv = niv ? g_new0(uint8_t, niv) : NULL;
|
2015-10-24 12:44:13 +02:00
|
|
|
int ret = -1;
|
2017-09-27 14:53:39 +02:00
|
|
|
uint64_t startsector = offset / sectorsize;
|
|
|
|
|
|
|
|
assert(QEMU_IS_ALIGNED(offset, sectorsize));
|
|
|
|
assert(QEMU_IS_ALIGNED(len, sectorsize));
|
2015-10-24 12:44:13 +02:00
|
|
|
|
|
|
|
while (len > 0) {
|
|
|
|
size_t nbytes;
|
|
|
|
if (niv) {
|
2018-12-07 17:13:51 +01:00
|
|
|
if (ivgen_mutex) {
|
|
|
|
qemu_mutex_lock(ivgen_mutex);
|
|
|
|
}
|
|
|
|
ret = qcrypto_ivgen_calculate(ivgen, startsector, iv, niv, errp);
|
|
|
|
if (ivgen_mutex) {
|
|
|
|
qemu_mutex_unlock(ivgen_mutex);
|
|
|
|
}
|
|
|
|
|
|
|
|
if (ret < 0) {
|
2019-07-23 17:22:36 +02:00
|
|
|
return -1;
|
2015-10-24 12:44:13 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
if (qcrypto_cipher_setiv(cipher,
|
|
|
|
iv, niv,
|
|
|
|
errp) < 0) {
|
2019-07-23 17:22:36 +02:00
|
|
|
return -1;
|
2015-10-24 12:44:13 +02:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
nbytes = len > sectorsize ? sectorsize : len;
|
2018-12-07 17:13:48 +01:00
|
|
|
if (func(cipher, buf, buf, nbytes, errp) < 0) {
|
2019-07-23 17:22:36 +02:00
|
|
|
return -1;
|
2015-10-24 12:44:13 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
startsector++;
|
|
|
|
buf += nbytes;
|
|
|
|
len -= nbytes;
|
|
|
|
}
|
|
|
|
|
2019-07-23 17:22:36 +02:00
|
|
|
return 0;
|
2015-10-24 12:44:13 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
|
2018-12-07 17:13:49 +01:00
|
|
|
int qcrypto_block_cipher_decrypt_helper(QCryptoCipher *cipher,
|
|
|
|
size_t niv,
|
|
|
|
QCryptoIVGen *ivgen,
|
|
|
|
int sectorsize,
|
|
|
|
uint64_t offset,
|
|
|
|
uint8_t *buf,
|
|
|
|
size_t len,
|
|
|
|
Error **errp)
|
2015-10-24 12:44:13 +02:00
|
|
|
{
|
2018-12-07 17:13:51 +01:00
|
|
|
return do_qcrypto_block_cipher_encdec(cipher, niv, ivgen, NULL, sectorsize,
|
2018-12-07 17:13:49 +01:00
|
|
|
offset, buf, len,
|
|
|
|
qcrypto_cipher_decrypt, errp);
|
2018-12-07 17:13:48 +01:00
|
|
|
}
|
2015-10-24 12:44:13 +02:00
|
|
|
|
|
|
|
|
2018-12-07 17:13:49 +01:00
|
|
|
int qcrypto_block_cipher_encrypt_helper(QCryptoCipher *cipher,
|
|
|
|
size_t niv,
|
|
|
|
QCryptoIVGen *ivgen,
|
|
|
|
int sectorsize,
|
|
|
|
uint64_t offset,
|
|
|
|
uint8_t *buf,
|
|
|
|
size_t len,
|
|
|
|
Error **errp)
|
2018-12-07 17:13:48 +01:00
|
|
|
{
|
2018-12-07 17:13:51 +01:00
|
|
|
return do_qcrypto_block_cipher_encdec(cipher, niv, ivgen, NULL, sectorsize,
|
2018-12-07 17:13:49 +01:00
|
|
|
offset, buf, len,
|
|
|
|
qcrypto_cipher_encrypt, errp);
|
2015-10-24 12:44:13 +02:00
|
|
|
}
|
2018-12-07 17:13:50 +01:00
|
|
|
|
|
|
|
int qcrypto_block_decrypt_helper(QCryptoBlock *block,
|
|
|
|
int sectorsize,
|
|
|
|
uint64_t offset,
|
|
|
|
uint8_t *buf,
|
|
|
|
size_t len,
|
|
|
|
Error **errp)
|
|
|
|
{
|
2018-12-07 17:13:51 +01:00
|
|
|
int ret;
|
|
|
|
QCryptoCipher *cipher = qcrypto_block_pop_cipher(block);
|
2018-12-07 17:13:50 +01:00
|
|
|
|
2018-12-07 17:13:51 +01:00
|
|
|
ret = do_qcrypto_block_cipher_encdec(cipher, block->niv, block->ivgen,
|
|
|
|
&block->mutex, sectorsize, offset, buf,
|
|
|
|
len, qcrypto_cipher_decrypt, errp);
|
|
|
|
|
|
|
|
qcrypto_block_push_cipher(block, cipher);
|
|
|
|
|
|
|
|
return ret;
|
|
|
|
}
|
2018-12-07 17:13:50 +01:00
|
|
|
|
|
|
|
int qcrypto_block_encrypt_helper(QCryptoBlock *block,
|
|
|
|
int sectorsize,
|
|
|
|
uint64_t offset,
|
|
|
|
uint8_t *buf,
|
|
|
|
size_t len,
|
|
|
|
Error **errp)
|
|
|
|
{
|
2018-12-07 17:13:51 +01:00
|
|
|
int ret;
|
|
|
|
QCryptoCipher *cipher = qcrypto_block_pop_cipher(block);
|
|
|
|
|
|
|
|
ret = do_qcrypto_block_cipher_encdec(cipher, block->niv, block->ivgen,
|
|
|
|
&block->mutex, sectorsize, offset, buf,
|
|
|
|
len, qcrypto_cipher_encrypt, errp);
|
|
|
|
|
|
|
|
qcrypto_block_push_cipher(block, cipher);
|
|
|
|
|
|
|
|
return ret;
|
2018-12-07 17:13:50 +01:00
|
|
|
}
|