This is a posting of the previously submitted work in progress code: https://lists.gnu.org/archive/html/qemu-devel/2015-11/msg04748.html
This series depends on these previously submitted patches to the block tools: https://lists.gnu.org/archive/html/qemu-devel/2015-12/msg04354.html As can be guessed from the subject, the primary goal of this patch series is to support LUKS encryption in the QEMU block layer. QEMU has increasingly been adding native clients for network block protocols (RBD, gluster, NFS, iSCSI, etc) and apps like OpenStack are embracing them as it is much easier to deal with this from a management POV than to deal with the kernel block layer & userspace tools. Unfortunately when using QEMU native clients, apps are locked out of using dm-crypt and LUKS which is undesirable. This series introduces two new features to the block layer. First there is a general purpose 'luks' format driver which can be layered over any other existing block driver. eg it can be layed above RBD, iSCSI, etc. Second the qcow2 file format is extended so that its embedded encryption can be replaced with the LUKS data format. While you could just layer the general purpose luks driver over qcow2, this is slightly less desirable, as it removes the ability to reliably auto-detect that LUKS is used by QEMU, as opposed to used by the guest OS. Having use of LUKS encoded in the qcow2 header addresses this. The code is designed such that there is a strict separation between the full disk encryption format and the block I/O layer. Thus there is an generic API for dealing with full disk encryption added to the crypto/ subsystem. The block layer merely calls this FDE API when required, which serves to minimize the code present in the already complex block layer. The first 5 patches add some supporting APIs to the crypto subsystem. The 6-7 patches introduce the general full disk encryption API to the crypto subsystem and LUKS implementation Patches 8-14 add the new 'luks' block driver format and convert qcow & qcow2 to the new FDE APIs, enabling LUKS in qcow2 (but not qcow) at the same time. Patches 15-16 clean up the horrible password handling cruft in the block layer and monitor. Patch 17 blocks use of the legacy qcow[2] encryption from the system emulators. Still to do - Add support for XTS cipher mode for dm-crypt compat Changes since v1: - Unit testing coverage of the full disk encryption APIs - Functional testing of LUKS driver via the qemu-iotests for the block layer - Use GNUTLS random API for the random byte source - Use Makefile.objs for conditional compilation of pbkdf files (Fam) - Use 'key-secret' instead of 'key-id' as property for decryption key (Paolo) - Rename 'fde' to 'crypto' in block code (Kevin) - Fix accounting of encryption header clusters when checking refcounts (Kevin) - Rename format 'qcowaes' to 'qcow' (Eric) - Fix qapi syntax for marking optional parameters (Eric) - Add assertions in I/O path for BDRV_O_NO_IO flag - Cleanup return codes / error reporting (Kevin) - Other misc fixes identified in testing Changes since WIP: - QAPI parameters defined for the encryption key ID - The qcow2 integration of LUKS is working, using extra allocated clusters to store LUKS header instead of trying to expand the main qcow2 header region to > 1 cluster - qemu-img info now works without prompting for decryption password - Unit testing of pbkdf2, afsplit and ivgen APis. Daniel P. Berrange (17): crypto: ensure qcrypto_hash_digest_len is always defined crypto: add cryptographic random byte source crypto: add support for PBKDF2 algorithm crypto: add support for generating initialization vectors crypto: add support for anti-forensic split algorithm crypto: add block encryption framework crypto: implement the LUKS block encryption format block: add flag to indicate that no I/O will be performed qemu-img/qemu-io: don't prompt for passwords if not required block: add generic full disk encryption driver qcow2: make qcow2_encrypt_sectors encrypt in place qcow2: convert QCow2 to use QCryptoBlock for encryption qcow: make encrypt_sectors encrypt in place qcow: convert QCow to use QCryptoBlock for encryption block: rip out all traces of password prompting block: remove all encryption handling APIs block: remove support for legecy AES qcow/qcow2 encryption Makefile.objs | 2 +- block.c | 99 +--- block/Makefile.objs | 2 + block/crypto.c | 540 +++++++++++++++++++++ block/io.c | 2 + block/qapi.c | 2 +- block/qcow.c | 195 ++++---- block/qcow2-cluster.c | 53 +- block/qcow2-refcount.c | 10 + block/qcow2.c | 510 ++++++++++++++++--- block/qcow2.h | 24 +- blockdev.c | 40 +- crypto/Makefile.objs | 16 + crypto/afsplit.c | 162 +++++++ crypto/block-luks.c | 1104 ++++++++++++++++++++++++++++++++++++++++++ crypto/block-luks.h | 28 ++ crypto/block-qcow.c | 167 +++++++ crypto/block-qcow.h | 28 ++ crypto/block.c | 265 ++++++++++ crypto/blockpriv.h | 90 ++++ crypto/hash.c | 30 +- crypto/ivgen-essiv.c | 112 +++++ crypto/ivgen-essiv.h | 28 ++ crypto/ivgen-plain.c | 58 +++ crypto/ivgen-plain.h | 28 ++ crypto/ivgen-plain64.c | 58 +++ crypto/ivgen-plain64.h | 28 ++ crypto/ivgen.c | 98 ++++ crypto/ivgenpriv.h | 49 ++ crypto/pbkdf-gcrypt.c | 65 +++ crypto/pbkdf-nettle.c | 64 +++ crypto/pbkdf-stub.c | 41 ++ crypto/pbkdf.c | 68 +++ crypto/random-gcrypt.c | 33 ++ crypto/random-gnutls.c | 43 ++ crypto/random-stub.c | 31 ++ docs/specs/qcow2.txt | 74 +++ hmp.c | 31 -- hw/usb/dev-storage.c | 34 -- include/block/block.h | 6 +- include/block/block_int.h | 1 - include/crypto/afsplit.h | 135 ++++++ include/crypto/block.h | 233 +++++++++ include/crypto/ivgen.h | 203 ++++++++ include/crypto/pbkdf.h | 152 ++++++ include/crypto/random.h | 43 ++ include/monitor/monitor.h | 7 - include/qemu/osdep.h | 2 - monitor.c | 68 --- qapi/block-core.json | 41 +- qapi/crypto.json | 120 +++++ qemu-img.c | 45 +- qemu-io.c | 21 - qmp.c | 9 - tests/.gitignore | 4 + tests/Makefile | 8 + tests/qemu-iotests/049 | 2 +- tests/qemu-iotests/049.out | 10 +- tests/qemu-iotests/082.out | 189 ++++++++ tests/qemu-iotests/087 | 30 +- tests/qemu-iotests/087.out | 28 +- tests/qemu-iotests/134 | 18 +- tests/qemu-iotests/134.out | 33 +- tests/qemu-iotests/common | 1 + tests/qemu-iotests/common.rc | 4 +- tests/test-crypto-afsplit.c | 176 +++++++ tests/test-crypto-block.c | 343 +++++++++++++ tests/test-crypto-ivgen.c | 168 +++++++ tests/test-crypto-pbkdf.c | 378 +++++++++++++++ util/oslib-posix.c | 66 --- util/oslib-win32.c | 24 - 71 files changed, 6128 insertions(+), 752 deletions(-) create mode 100644 block/crypto.c create mode 100644 crypto/afsplit.c create mode 100644 crypto/block-luks.c create mode 100644 crypto/block-luks.h create mode 100644 crypto/block-qcow.c create mode 100644 crypto/block-qcow.h create mode 100644 crypto/block.c create mode 100644 crypto/blockpriv.h create mode 100644 crypto/ivgen-essiv.c create mode 100644 crypto/ivgen-essiv.h create mode 100644 crypto/ivgen-plain.c create mode 100644 crypto/ivgen-plain.h create mode 100644 crypto/ivgen-plain64.c create mode 100644 crypto/ivgen-plain64.h create mode 100644 crypto/ivgen.c create mode 100644 crypto/ivgenpriv.h create mode 100644 crypto/pbkdf-gcrypt.c create mode 100644 crypto/pbkdf-nettle.c create mode 100644 crypto/pbkdf-stub.c create mode 100644 crypto/pbkdf.c create mode 100644 crypto/random-gcrypt.c create mode 100644 crypto/random-gnutls.c create mode 100644 crypto/random-stub.c create mode 100644 include/crypto/afsplit.h create mode 100644 include/crypto/block.h create mode 100644 include/crypto/ivgen.h create mode 100644 include/crypto/pbkdf.h create mode 100644 include/crypto/random.h create mode 100644 tests/test-crypto-afsplit.c create mode 100644 tests/test-crypto-block.c create mode 100644 tests/test-crypto-ivgen.c create mode 100644 tests/test-crypto-pbkdf.c -- 2.5.0
