Lines Matching +full:- +full:- +full:refresh +full:- +full:keys
4 * Copyright (c) 2015-2016 Red Hat, Inc.
25 #include "system/block-backend.h"
27 #include "qapi/opts-visitor.h"
28 #include "qapi/qapi-visit-crypto.h"
29 #include "qapi/qobject-input-visitor.h"
67 BlockCrypto *crypto = bs->opaque; in block_crypto_read_func()
73 ret = bdrv_pread(crypto->header ? crypto->header : bs->file, in block_crypto_read_func()
76 error_setg_errno(errp, -ret, "Could not read encryption header"); in block_crypto_read_func()
90 BlockCrypto *crypto = bs->opaque; in block_crypto_write_func()
96 ret = bdrv_pwrite(crypto->header ? crypto->header : bs->file, in block_crypto_write_func()
99 error_setg_errno(errp, -ret, "Could not write encryption header"); in block_crypto_write_func()
121 ret = blk_pwrite(data->blk, offset, buflen, buf, 0); in block_crypto_create_write_func()
123 error_setg_errno(errp, -ret, "Could not write encryption header"); in block_crypto_create_write_func()
137 if (data->size > INT64_MAX || headerlen > INT64_MAX - data->size) { in block_crypto_create_init_func()
138 ret = -EFBIG; in block_crypto_create_init_func()
146 ret = blk_truncate(data->blk, data->size + headerlen, false, in block_crypto_create_init_func()
147 data->prealloc, 0, &local_error); in block_crypto_create_init_func()
154 if (ret == -EFBIG) { in block_crypto_create_init_func()
174 if (luks_opts->size > INT64_MAX) { in block_crypto_co_format_luks_payload()
175 return -EFBIG; in block_crypto_co_format_luks_payload()
178 bs = bdrv_co_open_blockdev_ref(luks_opts->file, errp); in block_crypto_co_format_luks_payload()
180 return -EIO; in block_crypto_co_format_luks_payload()
186 ret = -EPERM; in block_crypto_co_format_luks_payload()
190 ret = blk_truncate(blk, luks_opts->size, true, in block_crypto_co_format_luks_payload()
191 luks_opts->preallocation, 0, &local_error); in block_crypto_co_format_luks_payload()
193 if (ret == -EFBIG) { in block_crypto_co_format_luks_payload()
315 BlockCrypto *crypto = bs->opaque; in block_crypto_open_generic()
329 crypto->header = bdrv_open_child(NULL, options, "header", bs, in block_crypto_open_generic()
333 return -EINVAL; in block_crypto_open_generic()
338 bs->supported_write_flags = BDRV_REQ_FUA & in block_crypto_open_generic()
339 bs->file->bs->supported_write_flags; in block_crypto_open_generic()
343 ret = -EINVAL; in block_crypto_open_generic()
352 ret = -EINVAL; in block_crypto_open_generic()
359 if (crypto->header != NULL) { in block_crypto_open_generic()
362 crypto->block = qcrypto_block_open(open_opts, NULL, in block_crypto_open_generic()
368 if (!crypto->block) { in block_crypto_open_generic()
369 ret = -EIO; in block_crypto_open_generic()
373 bs->encrypted = true; in block_crypto_open_generic()
398 ret = -EPERM; in block_crypto_co_create_generic()
420 ret = -EIO; in block_crypto_co_create_generic()
436 BlockCrypto *crypto = bs->opaque; in block_crypto_co_truncate()
438 qcrypto_block_get_payload_offset(crypto->block); in block_crypto_co_truncate()
440 if (payload_offset > INT64_MAX - offset) { in block_crypto_co_truncate()
442 return -EFBIG; in block_crypto_co_truncate()
447 return bdrv_co_truncate(bs->file, offset, exact, prealloc, 0, errp); in block_crypto_co_truncate()
452 BlockCrypto *crypto = bs->opaque; in block_crypto_close()
453 qcrypto_block_free(crypto->block); in block_crypto_close()
473 BlockCrypto *crypto = bs->opaque; in block_crypto_co_preadv()
479 uint64_t sector_size = qcrypto_block_get_sector_size(crypto->block); in block_crypto_co_preadv()
480 uint64_t payload_offset = qcrypto_block_get_payload_offset(crypto->block); in block_crypto_co_preadv()
486 qemu_iovec_init(&hd_qiov, qiov->niov); in block_crypto_co_preadv()
492 qemu_try_blockalign(bs->file->bs, MIN(BLOCK_CRYPTO_MAX_IO_SIZE, in block_crypto_co_preadv()
493 qiov->size)); in block_crypto_co_preadv()
495 ret = -ENOMEM; in block_crypto_co_preadv()
505 ret = bdrv_co_preadv(bs->file, payload_offset + offset + bytes_done, in block_crypto_co_preadv()
511 if (qcrypto_block_decrypt(crypto->block, offset + bytes_done, in block_crypto_co_preadv()
513 ret = -EIO; in block_crypto_co_preadv()
519 bytes -= cur_bytes; in block_crypto_co_preadv()
535 BlockCrypto *crypto = bs->opaque; in block_crypto_co_pwritev()
541 uint64_t sector_size = qcrypto_block_get_sector_size(crypto->block); in block_crypto_co_pwritev()
542 uint64_t payload_offset = qcrypto_block_get_payload_offset(crypto->block); in block_crypto_co_pwritev()
550 qemu_iovec_init(&hd_qiov, qiov->niov); in block_crypto_co_pwritev()
553 * contents of qiov - it points to guest memory. in block_crypto_co_pwritev()
556 qemu_try_blockalign(bs->file->bs, MIN(BLOCK_CRYPTO_MAX_IO_SIZE, in block_crypto_co_pwritev()
557 qiov->size)); in block_crypto_co_pwritev()
559 ret = -ENOMEM; in block_crypto_co_pwritev()
568 if (qcrypto_block_encrypt(crypto->block, offset + bytes_done, in block_crypto_co_pwritev()
570 ret = -EIO; in block_crypto_co_pwritev()
577 ret = bdrv_co_pwritev(bs->file, payload_offset + offset + bytes_done, in block_crypto_co_pwritev()
583 bytes -= cur_bytes; in block_crypto_co_pwritev()
596 BlockCrypto *crypto = bs->opaque; in block_crypto_refresh_limits()
597 uint64_t sector_size = qcrypto_block_get_sector_size(crypto->block); in block_crypto_refresh_limits()
598 bs->bl.request_alignment = sector_size; /* No sub-sector I/O */ in block_crypto_refresh_limits()
605 BlockCrypto *crypto = bs->opaque; in block_crypto_co_getlength()
606 int64_t len = bdrv_co_getlength(bs->file->bs); in block_crypto_co_getlength()
608 uint64_t offset = qcrypto_block_get_payload_offset(crypto->block); in block_crypto_co_getlength()
612 return -EIO; in block_crypto_co_getlength()
615 len -= offset; in block_crypto_co_getlength()
644 error_setg_errno(&local_err, -ssize, in block_crypto_measure()
672 info->fully_allocated = luks_payload_size + size; in block_crypto_measure()
673 info->required = luks_payload_size + size; in block_crypto_measure()
710 assert(create_options->driver == BLOCKDEV_DRIVER_LUKS); in block_crypto_co_create_luks()
711 luks_opts = &create_options->u.luks; in block_crypto_co_create_luks()
713 if (luks_opts->header == NULL && luks_opts->file == NULL) { in block_crypto_co_create_luks()
716 return -EINVAL; in block_crypto_co_create_luks()
719 if ((luks_opts->preallocation != PREALLOC_MODE_OFF) && in block_crypto_co_create_luks()
720 (luks_opts->file == NULL)) { in block_crypto_co_create_luks()
723 return -EINVAL; in block_crypto_co_create_luks()
731 if (luks_opts->has_preallocation) { in block_crypto_co_create_luks()
732 preallocation = luks_opts->preallocation; in block_crypto_co_create_luks()
735 if (luks_opts->header) { in block_crypto_co_create_luks()
737 hdr_bs = bdrv_co_open_blockdev_ref(luks_opts->header, errp); in block_crypto_co_create_luks()
739 return -EIO; in block_crypto_co_create_luks()
752 if (luks_opts->file) { in block_crypto_co_create_luks()
758 } else if (luks_opts->file) { in block_crypto_co_create_luks()
759 /* LUKS volume with none-detached header */ in block_crypto_co_create_luks()
760 bs = bdrv_co_open_blockdev_ref(luks_opts->file, errp); in block_crypto_co_create_luks()
762 return -EIO; in block_crypto_co_create_luks()
765 ret = block_crypto_co_create_generic(bs, luks_opts->size, &create_opts, in block_crypto_co_create_luks()
795 qemu_opt_get_bool(opts, "detached-header", false); in block_crypto_co_create_opts_luks()
809 return -EINVAL; in block_crypto_co_create_opts_luks()
819 ret = -EINVAL; in block_crypto_co_create_opts_luks()
832 ret = -EINVAL; in block_crypto_co_create_opts_luks()
871 ret = bdrv_co_get_info(bs->file->bs, &subbdi); in block_crypto_co_get_info_luks()
876 bdi->cluster_size = subbdi.cluster_size; in block_crypto_co_get_info_luks()
884 BlockCrypto *crypto = bs->opaque; in block_crypto_get_specific_info_luks()
888 info = qcrypto_block_get_info(crypto->block, errp); in block_crypto_get_specific_info_luks()
892 assert(info->format == QCRYPTO_BLOCK_FORMAT_LUKS); in block_crypto_get_specific_info_luks()
895 spec_info->type = IMAGE_INFO_SPECIFIC_KIND_LUKS; in block_crypto_get_specific_info_luks()
896 spec_info->u.luks.data = g_new(QCryptoBlockInfoLUKS, 1); in block_crypto_get_specific_info_luks()
897 *spec_info->u.luks.data = info->u.luks; in block_crypto_get_specific_info_luks()
900 memset(&info->u.luks, 0, sizeof(info->u.luks)); in block_crypto_get_specific_info_luks()
910 BlockCrypto *crypto = bs->opaque; in block_crypto_amend_prepare()
914 crypto->updating_keys = true; in block_crypto_amend_prepare()
915 ret = bdrv_child_refresh_perms(bs, bs->file, errp); in block_crypto_amend_prepare()
917 /* Well, in this case we will not be updating any keys */ in block_crypto_amend_prepare()
918 crypto->updating_keys = false; in block_crypto_amend_prepare()
926 BlockCrypto *crypto = bs->opaque; in block_crypto_amend_cleanup()
930 crypto->updating_keys = false; in block_crypto_amend_cleanup()
931 bdrv_child_refresh_perms(bs, bs->file, &errp); in block_crypto_amend_cleanup()
944 BlockCrypto *crypto = bs->opaque; in block_crypto_amend_options_generic_luks()
947 assert(crypto->block); in block_crypto_amend_options_generic_luks()
949 return qcrypto_block_amend_options(crypto->block, in block_crypto_amend_options_generic_luks()
966 BlockCrypto *crypto = bs->opaque; in block_crypto_amend_options_luks()
969 int ret = -EINVAL; in block_crypto_amend_options_luks()
972 assert(crypto->block); in block_crypto_amend_options_luks()
1006 .u.luks = *qapi_BlockdevAmendOptionsLUKS_base(&opts->u.luks), in block_crypto_co_amend_luks()
1020 BlockCrypto *crypto = bs->opaque; in block_crypto_child_perms()
1042 * when we are updating the keys, to ensure that only we in block_crypto_child_perms()
1045 * Encryption update will set the crypto->updating_keys in block_crypto_child_perms()
1046 * during that period and refresh permissions in block_crypto_child_perms()
1049 if (crypto->updating_keys) { in block_crypto_child_perms()