1 /* 2 * QEMU Crypto block device encryption 3 * 4 * Copyright (c) 2015-2016 Red Hat, Inc. 5 * 6 * This library is free software; you can redistribute it and/or 7 * modify it under the terms of the GNU Lesser General Public 8 * License as published by the Free Software Foundation; either 9 * version 2.1 of the License, or (at your option) any later version. 10 * 11 * This library is distributed in the hope that it will be useful, 12 * but WITHOUT ANY WARRANTY; without even the implied warranty of 13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 14 * Lesser General Public License for more details. 15 * 16 * You should have received a copy of the GNU Lesser General Public 17 * License along with this library; if not, see <http://www.gnu.org/licenses/>. 18 * 19 */ 20 21 #include "qemu/osdep.h" 22 #include "qapi/error.h" 23 #include "blockpriv.h" 24 #include "block-qcow.h" 25 #include "block-luks.h" 26 27 static const QCryptoBlockDriver *qcrypto_block_drivers[] = { 28 [Q_CRYPTO_BLOCK_FORMAT_QCOW] = &qcrypto_block_driver_qcow, 29 [Q_CRYPTO_BLOCK_FORMAT_LUKS] = &qcrypto_block_driver_luks, 30 }; 31 32 33 bool qcrypto_block_has_format(QCryptoBlockFormat format, 34 const uint8_t *buf, 35 size_t len) 36 { 37 const QCryptoBlockDriver *driver; 38 39 if (format >= G_N_ELEMENTS(qcrypto_block_drivers) || 40 !qcrypto_block_drivers[format]) { 41 return false; 42 } 43 44 driver = qcrypto_block_drivers[format]; 45 46 return driver->has_format(buf, len); 47 } 48 49 50 QCryptoBlock *qcrypto_block_open(QCryptoBlockOpenOptions *options, 51 const char *optprefix, 52 QCryptoBlockReadFunc readfunc, 53 void *opaque, 54 unsigned int flags, 55 size_t n_threads, 56 Error **errp) 57 { 58 QCryptoBlock *block = g_new0(QCryptoBlock, 1); 59 60 block->format = options->format; 61 62 if (options->format >= G_N_ELEMENTS(qcrypto_block_drivers) || 63 !qcrypto_block_drivers[options->format]) { 64 error_setg(errp, "Unsupported block driver %s", 65 QCryptoBlockFormat_str(options->format)); 66 g_free(block); 67 return NULL; 68 } 69 70 block->driver = qcrypto_block_drivers[options->format]; 71 72 if (block->driver->open(block, options, optprefix, 73 readfunc, opaque, flags, n_threads, errp) < 0) 74 { 75 g_free(block); 76 return NULL; 77 } 78 79 qemu_mutex_init(&block->mutex); 80 81 return block; 82 } 83 84 85 QCryptoBlock *qcrypto_block_create(QCryptoBlockCreateOptions *options, 86 const char *optprefix, 87 QCryptoBlockInitFunc initfunc, 88 QCryptoBlockWriteFunc writefunc, 89 void *opaque, 90 unsigned int flags, 91 Error **errp) 92 { 93 QCryptoBlock *block = g_new0(QCryptoBlock, 1); 94 95 block->format = options->format; 96 97 if (options->format >= G_N_ELEMENTS(qcrypto_block_drivers) || 98 !qcrypto_block_drivers[options->format]) { 99 error_setg(errp, "Unsupported block driver %s", 100 QCryptoBlockFormat_str(options->format)); 101 g_free(block); 102 return NULL; 103 } 104 105 block->driver = qcrypto_block_drivers[options->format]; 106 block->detached_header = flags & QCRYPTO_BLOCK_CREATE_DETACHED; 107 108 if (block->driver->create(block, options, optprefix, initfunc, 109 writefunc, opaque, errp) < 0) { 110 g_free(block); 111 return NULL; 112 } 113 114 qemu_mutex_init(&block->mutex); 115 116 return block; 117 } 118 119 120 static int qcrypto_block_headerlen_hdr_init_func(QCryptoBlock *block, 121 size_t headerlen, void *opaque, Error **errp) 122 { 123 size_t *headerlenp = opaque; 124 125 /* Stash away the payload size */ 126 *headerlenp = headerlen; 127 return 0; 128 } 129 130 131 static int qcrypto_block_headerlen_hdr_write_func(QCryptoBlock *block, 132 size_t offset, const uint8_t *buf, size_t buflen, 133 void *opaque, Error **errp) 134 { 135 /* Discard the bytes, we're not actually writing to an image */ 136 return 0; 137 } 138 139 140 bool 141 qcrypto_block_calculate_payload_offset(QCryptoBlockCreateOptions *create_opts, 142 const char *optprefix, 143 size_t *len, 144 Error **errp) 145 { 146 /* Fake LUKS creation in order to determine the payload size */ 147 g_autoptr(QCryptoBlock) crypto = 148 qcrypto_block_create(create_opts, optprefix, 149 qcrypto_block_headerlen_hdr_init_func, 150 qcrypto_block_headerlen_hdr_write_func, 151 len, 0, errp); 152 return crypto != NULL; 153 } 154 155 int qcrypto_block_amend_options(QCryptoBlock *block, 156 QCryptoBlockReadFunc readfunc, 157 QCryptoBlockWriteFunc writefunc, 158 void *opaque, 159 QCryptoBlockAmendOptions *options, 160 bool force, 161 Error **errp) 162 { 163 if (options->format != block->format) { 164 error_setg(errp, 165 "Cannot amend encryption format"); 166 return -1; 167 } 168 169 if (!block->driver->amend) { 170 error_setg(errp, 171 "Crypto format %s doesn't support format options amendment", 172 QCryptoBlockFormat_str(block->format)); 173 return -1; 174 } 175 176 return block->driver->amend(block, 177 readfunc, 178 writefunc, 179 opaque, 180 options, 181 force, 182 errp); 183 } 184 185 QCryptoBlockInfo *qcrypto_block_get_info(QCryptoBlock *block, 186 Error **errp) 187 { 188 QCryptoBlockInfo *info = g_new0(QCryptoBlockInfo, 1); 189 190 info->format = block->format; 191 192 if (block->driver->get_info && 193 block->driver->get_info(block, info, errp) < 0) { 194 g_free(info); 195 return NULL; 196 } 197 198 return info; 199 } 200 201 202 int qcrypto_block_decrypt(QCryptoBlock *block, 203 uint64_t offset, 204 uint8_t *buf, 205 size_t len, 206 Error **errp) 207 { 208 return block->driver->decrypt(block, offset, buf, len, errp); 209 } 210 211 212 int qcrypto_block_encrypt(QCryptoBlock *block, 213 uint64_t offset, 214 uint8_t *buf, 215 size_t len, 216 Error **errp) 217 { 218 return block->driver->encrypt(block, offset, buf, len, errp); 219 } 220 221 222 QCryptoCipher *qcrypto_block_get_cipher(QCryptoBlock *block) 223 { 224 /* Ciphers should be accessed through pop/push method to be thread-safe. 225 * Better, they should not be accessed externally at all (note, that 226 * pop/push are static functions) 227 * This function is used only in test with one thread (it's safe to skip 228 * pop/push interface), so it's enough to assert it here: 229 */ 230 assert(block->n_ciphers <= 1); 231 return block->ciphers ? block->ciphers[0] : NULL; 232 } 233 234 235 static QCryptoCipher *qcrypto_block_pop_cipher(QCryptoBlock *block) 236 { 237 QCryptoCipher *cipher; 238 239 qemu_mutex_lock(&block->mutex); 240 241 assert(block->n_free_ciphers > 0); 242 block->n_free_ciphers--; 243 cipher = block->ciphers[block->n_free_ciphers]; 244 245 qemu_mutex_unlock(&block->mutex); 246 247 return cipher; 248 } 249 250 251 static void qcrypto_block_push_cipher(QCryptoBlock *block, 252 QCryptoCipher *cipher) 253 { 254 qemu_mutex_lock(&block->mutex); 255 256 assert(block->n_free_ciphers < block->n_ciphers); 257 block->ciphers[block->n_free_ciphers] = cipher; 258 block->n_free_ciphers++; 259 260 qemu_mutex_unlock(&block->mutex); 261 } 262 263 264 int qcrypto_block_init_cipher(QCryptoBlock *block, 265 QCryptoCipherAlgorithm alg, 266 QCryptoCipherMode mode, 267 const uint8_t *key, size_t nkey, 268 size_t n_threads, Error **errp) 269 { 270 size_t i; 271 272 assert(!block->ciphers && !block->n_ciphers && !block->n_free_ciphers); 273 274 block->ciphers = g_new0(QCryptoCipher *, n_threads); 275 276 for (i = 0; i < n_threads; i++) { 277 block->ciphers[i] = qcrypto_cipher_new(alg, mode, key, nkey, errp); 278 if (!block->ciphers[i]) { 279 qcrypto_block_free_cipher(block); 280 return -1; 281 } 282 block->n_ciphers++; 283 block->n_free_ciphers++; 284 } 285 286 return 0; 287 } 288 289 290 void qcrypto_block_free_cipher(QCryptoBlock *block) 291 { 292 size_t i; 293 294 if (!block->ciphers) { 295 return; 296 } 297 298 assert(block->n_ciphers == block->n_free_ciphers); 299 300 for (i = 0; i < block->n_ciphers; i++) { 301 qcrypto_cipher_free(block->ciphers[i]); 302 } 303 304 g_free(block->ciphers); 305 block->ciphers = NULL; 306 block->n_ciphers = block->n_free_ciphers = 0; 307 } 308 309 QCryptoIVGen *qcrypto_block_get_ivgen(QCryptoBlock *block) 310 { 311 /* ivgen should be accessed under mutex. However, this function is used only 312 * in test with one thread, so it's enough to assert it here: 313 */ 314 assert(block->n_ciphers <= 1); 315 return block->ivgen; 316 } 317 318 319 QCryptoHashAlgorithm qcrypto_block_get_kdf_hash(QCryptoBlock *block) 320 { 321 return block->kdfhash; 322 } 323 324 325 uint64_t qcrypto_block_get_payload_offset(QCryptoBlock *block) 326 { 327 return block->payload_offset; 328 } 329 330 331 uint64_t qcrypto_block_get_sector_size(QCryptoBlock *block) 332 { 333 return block->sector_size; 334 } 335 336 337 void qcrypto_block_free(QCryptoBlock *block) 338 { 339 if (!block) { 340 return; 341 } 342 343 block->driver->cleanup(block); 344 345 qcrypto_block_free_cipher(block); 346 qcrypto_ivgen_free(block->ivgen); 347 qemu_mutex_destroy(&block->mutex); 348 g_free(block); 349 } 350 351 352 typedef int (*QCryptoCipherEncDecFunc)(QCryptoCipher *cipher, 353 const void *in, 354 void *out, 355 size_t len, 356 Error **errp); 357 358 static int do_qcrypto_block_cipher_encdec(QCryptoCipher *cipher, 359 size_t niv, 360 QCryptoIVGen *ivgen, 361 QemuMutex *ivgen_mutex, 362 int sectorsize, 363 uint64_t offset, 364 uint8_t *buf, 365 size_t len, 366 QCryptoCipherEncDecFunc func, 367 Error **errp) 368 { 369 g_autofree uint8_t *iv = niv ? g_new0(uint8_t, niv) : NULL; 370 int ret = -1; 371 uint64_t startsector = offset / sectorsize; 372 373 assert(QEMU_IS_ALIGNED(offset, sectorsize)); 374 assert(QEMU_IS_ALIGNED(len, sectorsize)); 375 376 while (len > 0) { 377 size_t nbytes; 378 if (niv) { 379 if (ivgen_mutex) { 380 qemu_mutex_lock(ivgen_mutex); 381 } 382 ret = qcrypto_ivgen_calculate(ivgen, startsector, iv, niv, errp); 383 if (ivgen_mutex) { 384 qemu_mutex_unlock(ivgen_mutex); 385 } 386 387 if (ret < 0) { 388 return -1; 389 } 390 391 if (qcrypto_cipher_setiv(cipher, 392 iv, niv, 393 errp) < 0) { 394 return -1; 395 } 396 } 397 398 nbytes = len > sectorsize ? sectorsize : len; 399 if (func(cipher, buf, buf, nbytes, errp) < 0) { 400 return -1; 401 } 402 403 startsector++; 404 buf += nbytes; 405 len -= nbytes; 406 } 407 408 return 0; 409 } 410 411 412 int qcrypto_block_cipher_decrypt_helper(QCryptoCipher *cipher, 413 size_t niv, 414 QCryptoIVGen *ivgen, 415 int sectorsize, 416 uint64_t offset, 417 uint8_t *buf, 418 size_t len, 419 Error **errp) 420 { 421 return do_qcrypto_block_cipher_encdec(cipher, niv, ivgen, NULL, sectorsize, 422 offset, buf, len, 423 qcrypto_cipher_decrypt, errp); 424 } 425 426 427 int qcrypto_block_cipher_encrypt_helper(QCryptoCipher *cipher, 428 size_t niv, 429 QCryptoIVGen *ivgen, 430 int sectorsize, 431 uint64_t offset, 432 uint8_t *buf, 433 size_t len, 434 Error **errp) 435 { 436 return do_qcrypto_block_cipher_encdec(cipher, niv, ivgen, NULL, sectorsize, 437 offset, buf, len, 438 qcrypto_cipher_encrypt, errp); 439 } 440 441 int qcrypto_block_decrypt_helper(QCryptoBlock *block, 442 int sectorsize, 443 uint64_t offset, 444 uint8_t *buf, 445 size_t len, 446 Error **errp) 447 { 448 int ret; 449 QCryptoCipher *cipher = qcrypto_block_pop_cipher(block); 450 451 ret = do_qcrypto_block_cipher_encdec(cipher, block->niv, block->ivgen, 452 &block->mutex, sectorsize, offset, buf, 453 len, qcrypto_cipher_decrypt, errp); 454 455 qcrypto_block_push_cipher(block, cipher); 456 457 return ret; 458 } 459 460 int qcrypto_block_encrypt_helper(QCryptoBlock *block, 461 int sectorsize, 462 uint64_t offset, 463 uint8_t *buf, 464 size_t len, 465 Error **errp) 466 { 467 int ret; 468 QCryptoCipher *cipher = qcrypto_block_pop_cipher(block); 469 470 ret = do_qcrypto_block_cipher_encdec(cipher, block->niv, block->ivgen, 471 &block->mutex, sectorsize, offset, buf, 472 len, qcrypto_cipher_encrypt, errp); 473 474 qcrypto_block_push_cipher(block, cipher); 475 476 return ret; 477 } 478