Re: [Qemu-block] [Qemu-devel] [PATCH 03/13] qcrypto-luks: refactoring: extract load/store/check/parse header functions

Sun, 25 Aug 2019 07:10:08 -0700 

On Thu, 2019-08-22 at 11:38 +0100, Daniel P. Berrangé wrote:
> On Wed, Aug 14, 2019 at 11:22:09PM +0300, Maxim Levitsky wrote:
> > With upcoming key management, the header will
> > need to be stored after the image is created.
> > 
> > Extracting load header isn't strictly needed, but
> > do this anyway for the symmetry.
> > 
> > Also I extracted a function that does basic sanity
> > checks on the just read header, and a function
> > which parses all the crypto format to make the
> > code a bit more readable, plus now the code
> > doesn't destruct the in-header cipher-mode string,
> > so that the header now can be stored many times,
> > which is needed for the key management.
> > 
> > Also this allows to contain the endianess conversions
> > in these functions alone
> > 
> > The header is no longer endian swapped in place,
> > to prevent (mostly theoretical races I think)
> > races where someone could see the header in the
> > process of beeing byteswapped.
> > 
> > Signed-off-by: Maxim Levitsky <mlevi...@redhat.com>
> > ---
> >  crypto/block-luks.c | 756 ++++++++++++++++++++++++++------------------
> >  1 file changed, 440 insertions(+), 316 deletions(-)
> >      if (!(flags & QCRYPTO_BLOCK_OPEN_NO_IO)) {
> >          /* Try to find which key slot our password is valid for
> >           * and unlock the master key from that slot.
> >           */
> > -
> >          masterkey = g_new0(uint8_t, masterkeylen(luks));
> >  
> >          if (qcrypto_block_luks_find_key(block,
> > @@ -845,12 +1132,10 @@ qcrypto_block_luks_open(QCryptoBlock *block,
> >      }
> >  
> >      block->sector_size = QCRYPTO_BLOCK_LUKS_SECTOR_SIZE;
> > -    block->payload_offset = luks->header.payload_offset *
> > -        block->sector_size;
> > +    block->payload_offset = luks->header.payload_offset * 
> > block->sector_size;
> >  
> >      g_free(masterkey);
> >      g_free(password);
> > -
> >      return 0;
> 
> Smoe unrelated whitespace changes here.
> 
> 
> > +    /* populate the slot 0 with the password encrypted master key*/
> > +    /* This will also store the header */
> > +    if (qcrypto_block_luks_store_key(block,
> > +                                     0,
> > +                                     password,
> > +                                     masterkey,
> > +                                     luks_opts.iter_time,
> > +                                     writefunc,
> > +                                     opaque,
> > +                                     errp)) {
> >          goto error;
> > -    }
> > +     }
> 
> Indent is off by 1
> 
> 
> Regards,
> Daniel


Fixed,


Best regards,
        Maxim Levitsky

Reply via email to