From nobody Mon Feb 9 22:09:40 2026 Delivered-To: importer@patchew.org Received-SPF: pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) client-ip=209.132.183.28; envelope-from=libvir-list-bounces@redhat.com; helo=mx1.redhat.com; Authentication-Results: mx.zohomail.com; spf=pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; dmarc=pass(p=none dis=none) header.from=redhat.com Return-Path: Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) by mx.zohomail.com with SMTPS id 1526473788765306.11349774736357; Wed, 16 May 2018 05:29:48 -0700 (PDT) Received: from smtp.corp.redhat.com (int-mx01.intmail.prod.int.phx2.redhat.com [10.5.11.11]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 8AB5BA7FD2; Wed, 16 May 2018 12:29:46 +0000 (UTC) Received: from colo-mx.corp.redhat.com (colo-mx02.intmail.prod.int.phx2.redhat.com [10.5.11.21]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 4CEB4600C0; Wed, 16 May 2018 12:29:46 +0000 (UTC) Received: from lists01.pubmisc.prod.ext.phx2.redhat.com (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33]) by colo-mx.corp.redhat.com (Postfix) with ESMTP id 054344CA94; Wed, 16 May 2018 12:29:46 +0000 (UTC) Received: from smtp.corp.redhat.com (int-mx10.intmail.prod.int.phx2.redhat.com [10.5.11.25]) by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP id w4GCTabK001386 for ; Wed, 16 May 2018 08:29:36 -0400 Received: by smtp.corp.redhat.com (Postfix) id 3F8362010CB2; Wed, 16 May 2018 12:29:36 +0000 (UTC) Received: from localhost.localdomain.com (ovpn-116-88.phx2.redhat.com [10.3.116.88]) by smtp.corp.redhat.com (Postfix) with ESMTP id DC7EB20155E8 for ; Wed, 16 May 2018 12:29:35 +0000 (UTC) From: John Ferlan To: libvir-list@redhat.com Date: Wed, 16 May 2018 08:29:28 -0400 Message-Id: <20180516122931.30854-2-jferlan@redhat.com> In-Reply-To: <20180516122931.30854-1-jferlan@redhat.com> References: <20180516122931.30854-1-jferlan@redhat.com> X-Scanned-By: MIMEDefang 2.84 on 10.5.11.25 X-loop: libvir-list@redhat.com Subject: [libvirt] [PATCH v2 1/4] storage_util: Alter qemu storage encryption arguments X-BeenThere: libvir-list@redhat.com X-Mailman-Version: 2.1.12 Precedence: junk List-Id: Development discussions about the libvirt library & tools List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Sender: libvir-list-bounces@redhat.com Errors-To: libvir-list-bounces@redhat.com X-Scanned-By: MIMEDefang 2.79 on 10.5.11.11 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.28]); Wed, 16 May 2018 12:29:47 +0000 (UTC) X-ZohoMail: RSF_0 Z_629925259 SPT_0 Content-Type: text/plain; charset="utf-8" https://bugzilla.redhat.com/show_bug.cgi?id=3D1526382 As of QEMU 2.9, qemu-img has enforced using the "encrypt.key-secret" in order to create a qcow[2] encrypted volume. Thus, the existing code to create an encrypted volume using qcow[2] encryption techniques will fail, such as : $ qemu-img create -f qcow2 -b /dev/null \ -o backing_fmt=3Draw,encryption=3Don \ demo.tmp 5242880K Formatting 'demo.tmp', fmt=3Dqcow2 size=3D5368709120 backing_file=3D/dev/= null backing_fmt=3Draw encryption=3Don cluster_size=3D65536 lazy_refcounts=3Do= ff refcount_bits=3D16 qemu-img: demo.tmp: Parameter 'encrypt.key-secret' is required for cipher $ This patch will resolve this by adding the correct parameters for the creation. The new format of parameters roughly follows that of LUKS encryption model with a few minor differences: 1. Usage of "encrypt.key-secret=3D$alias" instead of just plain "key-secret=3D$alias" as the parameter. 2. Usage of "encrypt.format=3Daes" instead of "encryption=3Don" The result is the following command syntax for the same example: $ qemu-img create -f qcow2 -b /dev/null \ --object secret,id=3DOtherDemo.img_encrypt0,file=3D/path/to/secretF= ile \ -o encrypt.format=3Daes,encrypt.key-secret=3DOtherDemo.img_encrypt0= \ demo.tmp 5242880K Formatting 'test.img', fmt=3Dqcow2 size=3D5368709120 backing_file=3D/dev/= null backing_fmt=3Draw encrypt.format=3Daes encrypt.key-secret=3Dsec0 cluster_= size=3D65536 lazy_refcounts=3Doff refcount_bits=3D16 $ Thus this patch removes the LUKS specific checks in a few places and alters the algorithms as necessary in order to allow either form of encryption. The storagevolxml2argvtest.c test is adjusted to pass a dummy path to the secret file and the outputs adjusted to illustrate the new format for the various arguments. This patch requires usage of the secrets object and model. There is no plan for backwards compatibility for qcow[2] encryption. The desire is to move towards usage of LUKS encryption anyway. NB: Although the qemu-img convert examples change in the test output, they are essentially still broken (they wouldn't work before this patch either for the same reasons create fails). A follow-up patch will alter the algorithm and syntax. Signed-off-by: John Ferlan --- src/storage/storage_util.c | 24 +++++++++++-------= ---- src/util/virqemu.c | 10 +++++++-- src/util/virqemu.h | 3 ++- tests/storagevolxml2argvdata/qcow2-1.1.argv | 4 +++- tests/storagevolxml2argvdata/qcow2-compat.argv | 4 +++- .../qcow2-from-logical-compat.argv | 3 ++- tests/storagevolxml2argvdata/qcow2-lazy.argv | 6 ++++-- .../qcow2-nobacking-convert-prealloc-compat.argv | 4 +++- .../qcow2-nobacking-prealloc-compat.argv | 4 +++- .../qcow2-nocapacity-convert-prealloc.argv | 7 ++++--- tests/storagevolxml2argvdata/qcow2-nocapacity.argv | 4 +++- .../storagevolxml2argvdata/qcow2-nocow-compat.argv | 6 ++++-- tests/storagevolxml2argvdata/qcow2-nocow.argv | 3 ++- tests/storagevolxml2argvtest.c | 2 +- 14 files changed, 54 insertions(+), 30 deletions(-) diff --git a/src/storage/storage_util.c b/src/storage/storage_util.c index 554fc757ed..a8a6a3e401 100644 --- a/src/storage/storage_util.c +++ b/src/storage/storage_util.c @@ -827,11 +827,10 @@ storageBackendCreateQemuImgOpts(virStorageEncryptionI= nfoDefPtr enc, virBufferAsprintf(&buf, "backing_fmt=3D%s,", virStorageFileFormatTypeToString(info.backingFor= mat)); =20 - if (info.format =3D=3D VIR_STORAGE_FILE_RAW && enc) { - virQEMUBuildQemuImgKeySecretOpts(&buf, enc, info.secretAlias); - } else { - if (info.encryption) - virBufferAddLit(&buf, "encryption=3Don,"); + if (enc) { + bool qcow =3D (info.format =3D=3D VIR_STORAGE_FILE_QCOW || + info.format =3D=3D VIR_STORAGE_FILE_QCOW2); + virQEMUBuildQemuImgKeySecretOpts(&buf, enc, info.secretAlias, qcow= ); } =20 if (info.preallocate) { @@ -1231,8 +1230,12 @@ virStorageBackendCreateQemuImgCmdFromVol(virStorageP= oolObjPtr pool, if (info.backingPath) virCommandAddArgList(cmd, "-b", info.backingPath, NULL); =20 - if (info.format =3D=3D VIR_STORAGE_FILE_RAW && vol->target.encryption = && - vol->target.encryption->format =3D=3D VIR_STORAGE_ENCRYPTION_FORMA= T_LUKS) { + if (vol->target.encryption) { + if (!secretPath) { + virReportError(VIR_ERR_INTERNAL_ERROR, "%s", + _("path to secret data file is required")); + return NULL; + } if (virAsprintf(&info.secretAlias, "%s_encrypt0", vol->name) < 0) goto error; if (storageBackendCreateQemuImgSecretObject(cmd, info.secretPath, @@ -1344,11 +1347,8 @@ storageBackendGenerateSecretData(virStoragePoolObjPt= r pool, return -1; } =20 - if (vol->target.format =3D=3D VIR_STORAGE_FILE_RAW && - enc->format =3D=3D VIR_STORAGE_ENCRYPTION_FORMAT_LUKS) { - if (!(*secretPath =3D storageBackendCreateQemuImgSecretPath(pool, = vol))) - return -1; - } + if (!(*secretPath =3D storageBackendCreateQemuImgSecretPath(pool, vol)= )) + return -1; =20 return 0; } diff --git a/src/util/virqemu.c b/src/util/virqemu.c index 04cd71605e..b20d09d945 100644 --- a/src/util/virqemu.c +++ b/src/util/virqemu.c @@ -307,6 +307,7 @@ virQEMUBuildBufferEscapeComma(virBufferPtr buf, const c= har *str) * @buf: buffer to build the string into * @enc: pointer to encryption info * @alias: alias to use + * @qcow: using qcow encryption * * Generate the string for id=3D$alias and any encryption options for * into the buffer. @@ -315,7 +316,8 @@ virQEMUBuildBufferEscapeComma(virBufferPtr buf, const c= har *str) * it's expected other arguments are appended after the id=3D$alias string. * So either turn something like: * - * "key-secret=3D$alias," + * "key-secret=3D$alias," or + * "encrypt.format=3Daes,encrypt.key-secret=3D$alias," * * or * "key-secret=3D$alias,cipher-alg=3Dtwofish-256,cipher-mode=3Dcbc, @@ -325,8 +327,12 @@ virQEMUBuildBufferEscapeComma(virBufferPtr buf, const = char *str) void virQEMUBuildQemuImgKeySecretOpts(virBufferPtr buf, virStorageEncryptionInfoDefPtr enc, - const char *alias) + const char *alias, + bool qcow) { + if (qcow) + virBufferAddLit(buf, "encrypt.format=3Daes,encrypt."); + virBufferAsprintf(buf, "key-secret=3D%s,", alias); =20 if (!enc->cipher_name) diff --git a/src/util/virqemu.h b/src/util/virqemu.h index 2599481753..9a01640c6e 100644 --- a/src/util/virqemu.h +++ b/src/util/virqemu.h @@ -52,7 +52,8 @@ char *virQEMUBuildDriveCommandlineFromJSON(virJSONValuePt= r src); void virQEMUBuildBufferEscapeComma(virBufferPtr buf, const char *str); void virQEMUBuildQemuImgKeySecretOpts(virBufferPtr buf, virStorageEncryptionInfoDefPtr enc, - const char *alias) + const char *alias, + bool qcow) ATTRIBUTE_NONNULL(1) ATTRIBUTE_NONNULL(2) ATTRIBUTE_NONNULL(3); =20 #endif /* __VIR_QEMU_H_ */ diff --git a/tests/storagevolxml2argvdata/qcow2-1.1.argv b/tests/storagevol= xml2argvdata/qcow2-1.1.argv index c4dcb1bc3c..ff3d62d0a1 100644 --- a/tests/storagevolxml2argvdata/qcow2-1.1.argv +++ b/tests/storagevolxml2argvdata/qcow2-1.1.argv @@ -1,3 +1,5 @@ qemu-img create -f qcow2 -b /dev/null \ --o backing_fmt=3Draw,encryption=3Don,compat=3D1.1 \ +--object secret,id=3DOtherDemo.img_encrypt0,file=3D/path/to/secretFile \ +-o backing_fmt=3Draw,encrypt.format=3Daes,\ +encrypt.key-secret=3DOtherDemo.img_encrypt0,compat=3D1.1 \ /var/lib/libvirt/images/OtherDemo.img 5242880K diff --git a/tests/storagevolxml2argvdata/qcow2-compat.argv b/tests/storage= volxml2argvdata/qcow2-compat.argv index 37ad2c078d..8aa8c7ce84 100644 --- a/tests/storagevolxml2argvdata/qcow2-compat.argv +++ b/tests/storagevolxml2argvdata/qcow2-compat.argv @@ -1,3 +1,5 @@ qemu-img create -f qcow2 -b /dev/null \ --o backing_fmt=3Draw,encryption=3Don,compat=3D0.10 \ +--object secret,id=3DOtherDemo.img_encrypt0,file=3D/path/to/secretFile \ +-o backing_fmt=3Draw,encrypt.format=3Daes,\ +encrypt.key-secret=3DOtherDemo.img_encrypt0,compat=3D0.10 \ /var/lib/libvirt/images/OtherDemo.img 5242880K diff --git a/tests/storagevolxml2argvdata/qcow2-from-logical-compat.argv b/= tests/storagevolxml2argvdata/qcow2-from-logical-compat.argv index 5f365b1f84..849c5f0218 100644 --- a/tests/storagevolxml2argvdata/qcow2-from-logical-compat.argv +++ b/tests/storagevolxml2argvdata/qcow2-from-logical-compat.argv @@ -1,3 +1,4 @@ qemu-img convert -f raw -O qcow2 \ --o encryption=3Don,compat=3D0.10 \ +--object secret,id=3DOtherDemo.img_encrypt0,file=3D/path/to/secretFile \ +-o encrypt.format=3Daes,encrypt.key-secret=3DOtherDemo.img_encrypt0,compat= =3D0.10 \ /dev/HostVG/Swap /var/lib/libvirt/images/OtherDemo.img diff --git a/tests/storagevolxml2argvdata/qcow2-lazy.argv b/tests/storagevo= lxml2argvdata/qcow2-lazy.argv index b7058b84cc..0c29a3fb33 100644 --- a/tests/storagevolxml2argvdata/qcow2-lazy.argv +++ b/tests/storagevolxml2argvdata/qcow2-lazy.argv @@ -1,3 +1,5 @@ qemu-img create -f qcow2 -b /dev/null \ --o backing_fmt=3Draw,encryption=3Don,compat=3D1.1,lazy_refcounts \ -/var/lib/libvirt/images/OtherDemo.img 5242880K +--object secret,id=3DOtherDemo.img_encrypt0,file=3D/path/to/secretFile \ +-o backing_fmt=3Draw,encrypt.format=3Daes,\ +encrypt.key-secret=3DOtherDemo.img_encrypt0,compat=3D1.1,\ +lazy_refcounts /var/lib/libvirt/images/OtherDemo.img 5242880K diff --git a/tests/storagevolxml2argvdata/qcow2-nobacking-convert-prealloc-= compat.argv b/tests/storagevolxml2argvdata/qcow2-nobacking-convert-prealloc= -compat.argv index 3d93ec8480..a95749eafa 100644 --- a/tests/storagevolxml2argvdata/qcow2-nobacking-convert-prealloc-compat.= argv +++ b/tests/storagevolxml2argvdata/qcow2-nobacking-convert-prealloc-compat.= argv @@ -1,3 +1,5 @@ qemu-img convert -f raw -O qcow2 \ --o encryption=3Don,preallocation=3Dmetadata,compat=3D0.10 \ +--object secret,id=3DOtherDemo.img_encrypt0,file=3D/path/to/secretFile \ +-o encrypt.format=3Daes,encrypt.key-secret=3DOtherDemo.img_encrypt0,\ +preallocation=3Dmetadata,compat=3D0.10 \ /var/lib/libvirt/images/sparse.img /var/lib/libvirt/images/OtherDemo.img diff --git a/tests/storagevolxml2argvdata/qcow2-nobacking-prealloc-compat.a= rgv b/tests/storagevolxml2argvdata/qcow2-nobacking-prealloc-compat.argv index 903c94e33d..30b61442a4 100644 --- a/tests/storagevolxml2argvdata/qcow2-nobacking-prealloc-compat.argv +++ b/tests/storagevolxml2argvdata/qcow2-nobacking-prealloc-compat.argv @@ -1,3 +1,5 @@ qemu-img create -f qcow2 \ --o encryption=3Don,preallocation=3Dmetadata,compat=3D0.10 \ +--object secret,id=3DOtherDemo.img_encrypt0,file=3D/path/to/secretFile \ +-o encrypt.format=3Daes,encrypt.key-secret=3DOtherDemo.img_encrypt0,\ +preallocation=3Dmetadata,compat=3D0.10 \ /var/lib/libvirt/images/OtherDemo.img 5242880K diff --git a/tests/storagevolxml2argvdata/qcow2-nocapacity-convert-prealloc= .argv b/tests/storagevolxml2argvdata/qcow2-nocapacity-convert-prealloc.argv index 73499178e7..51bdaaf684 100644 --- a/tests/storagevolxml2argvdata/qcow2-nocapacity-convert-prealloc.argv +++ b/tests/storagevolxml2argvdata/qcow2-nocapacity-convert-prealloc.argv @@ -1,4 +1,5 @@ qemu-img convert -f raw -O qcow2 \ --o encryption=3Don,preallocation=3Dfalloc,compat=3D0.10 \ -/var/lib/libvirt/images/sparse.img \ -/var/lib/libvirt/images/OtherDemo.img +--object secret,id=3DOtherDemo.img_encrypt0,file=3D/path/to/secretFile \ +-o encrypt.format=3Daes,encrypt.key-secret=3DOtherDemo.img_encrypt0,\ +preallocation=3Dfalloc,compat=3D0.10 \ +/var/lib/libvirt/images/sparse.img /var/lib/libvirt/images/OtherDemo.img diff --git a/tests/storagevolxml2argvdata/qcow2-nocapacity.argv b/tests/sto= ragevolxml2argvdata/qcow2-nocapacity.argv index fd88055890..920cff8771 100644 --- a/tests/storagevolxml2argvdata/qcow2-nocapacity.argv +++ b/tests/storagevolxml2argvdata/qcow2-nocapacity.argv @@ -1,5 +1,7 @@ qemu-img create \ -f qcow2 \ -b /dev/null \ --o backing_fmt=3Draw,encryption=3Don,compat=3D0.10 \ +--object secret,id=3DOtherDemo.img_encrypt0,file=3D/path/to/secretFile \ +-o backing_fmt=3Draw,encrypt.format=3Daes,\ +encrypt.key-secret=3DOtherDemo.img_encrypt0,compat=3D0.10 \ /var/lib/libvirt/images/OtherDemo.img diff --git a/tests/storagevolxml2argvdata/qcow2-nocow-compat.argv b/tests/s= toragevolxml2argvdata/qcow2-nocow-compat.argv index d5a7547011..1c9a1a4da4 100644 --- a/tests/storagevolxml2argvdata/qcow2-nocow-compat.argv +++ b/tests/storagevolxml2argvdata/qcow2-nocow-compat.argv @@ -1,3 +1,5 @@ qemu-img create -f qcow2 -b /dev/null \ --o backing_fmt=3Draw,encryption=3Don,nocow=3Don,compat=3D0.10 \ -/var/lib/libvirt/images/OtherDemo.img 5242880K +--object secret,id=3DOtherDemo.img_encrypt0,file=3D/path/to/secretFile \ +-o backing_fmt=3Draw,encrypt.format=3Daes,\ +encrypt.key-secret=3DOtherDemo.img_encrypt0,nocow=3Don,\ +compat=3D0.10 /var/lib/libvirt/images/OtherDemo.img 5242880K diff --git a/tests/storagevolxml2argvdata/qcow2-nocow.argv b/tests/storagev= olxml2argvdata/qcow2-nocow.argv index e54801c78a..68c16f8e20 100644 --- a/tests/storagevolxml2argvdata/qcow2-nocow.argv +++ b/tests/storagevolxml2argvdata/qcow2-nocow.argv @@ -1,3 +1,4 @@ qemu-img create -f qcow2 -b /dev/null \ --o backing_fmt=3Draw,encryption=3Don,nocow=3Don \ +--object secret,id=3DOtherDemo.img_encrypt0,file=3D/path/to/secretFile \ +-o encrypt.format=3Daes,encrypt.key-secret=3DOtherDemo.img_encrypt0,nocow= =3Don \ /var/lib/libvirt/images/OtherDemo.img 5242880K diff --git a/tests/storagevolxml2argvtest.c b/tests/storagevolxml2argvtest.c index 0265a0ffe2..4286c50c6e 100644 --- a/tests/storagevolxml2argvtest.c +++ b/tests/storagevolxml2argvtest.c @@ -82,7 +82,7 @@ testCompareXMLToArgvFiles(bool shouldFail, cmd =3D virStorageBackendCreateQemuImgCmdFromVol(obj, vol, inputvol, flags, create_tool, - NULL); + "/path/to/secretFile"); if (!cmd) { if (shouldFail) { virResetLastError(); --=20 2.14.3 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list