2 * QEMU block full disk encryption
4 * Copyright (c) 2015-2016 Red Hat, Inc.
6 * This library is free software; you can redistribute it and/or
7 * modify it under the terms of the GNU Lesser General Public
8 * License as published by the Free Software Foundation; either
9 * version 2 of the License, or (at your option) any later version.
11 * This library is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 * Lesser General Public License for more details.
16 * You should have received a copy of the GNU Lesser General Public
17 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
21 #include "qemu/osdep.h"
23 #include "block/block_int.h"
24 #include "block/qdict.h"
25 #include "sysemu/block-backend.h"
26 #include "crypto/block.h"
27 #include "qapi/opts-visitor.h"
28 #include "qapi/qapi-visit-crypto.h"
29 #include "qapi/qobject-input-visitor.h"
30 #include "qapi/error.h"
31 #include "qemu/module.h"
32 #include "qemu/option.h"
33 #include "qemu/cutils.h"
36 typedef struct BlockCrypto BlockCrypto
;
43 static int block_crypto_probe_generic(QCryptoBlockFormat format
,
48 if (qcrypto_block_has_format(format
, buf
, buf_size
)) {
56 static ssize_t
block_crypto_read_func(QCryptoBlock
*block
,
63 BlockDriverState
*bs
= opaque
;
66 ret
= bdrv_pread(bs
->file
, offset
, buf
, buflen
);
68 error_setg_errno(errp
, -ret
, "Could not read encryption header");
75 struct BlockCryptoCreateData
{
78 PreallocMode prealloc
;
82 static ssize_t
block_crypto_write_func(QCryptoBlock
*block
,
89 struct BlockCryptoCreateData
*data
= opaque
;
92 ret
= blk_pwrite(data
->blk
, offset
, buf
, buflen
, 0);
94 error_setg_errno(errp
, -ret
, "Could not write encryption header");
101 static ssize_t
block_crypto_init_func(QCryptoBlock
*block
,
106 struct BlockCryptoCreateData
*data
= opaque
;
108 if (data
->size
> INT64_MAX
|| headerlen
> INT64_MAX
- data
->size
) {
109 error_setg(errp
, "The requested file size is too large");
113 /* User provided size should reflect amount of space made
114 * available to the guest, so we must take account of that
115 * which will be used by the crypto header
117 return blk_truncate(data
->blk
, data
->size
+ headerlen
, false,
118 data
->prealloc
, errp
);
122 static QemuOptsList block_crypto_runtime_opts_luks
= {
124 .head
= QTAILQ_HEAD_INITIALIZER(block_crypto_runtime_opts_luks
.head
),
126 BLOCK_CRYPTO_OPT_DEF_LUKS_KEY_SECRET(""),
127 { /* end of list */ }
132 static QemuOptsList block_crypto_create_opts_luks
= {
134 .head
= QTAILQ_HEAD_INITIALIZER(block_crypto_create_opts_luks
.head
),
137 .name
= BLOCK_OPT_SIZE
,
138 .type
= QEMU_OPT_SIZE
,
139 .help
= "Virtual disk size"
141 BLOCK_CRYPTO_OPT_DEF_LUKS_KEY_SECRET(""),
142 BLOCK_CRYPTO_OPT_DEF_LUKS_CIPHER_ALG(""),
143 BLOCK_CRYPTO_OPT_DEF_LUKS_CIPHER_MODE(""),
144 BLOCK_CRYPTO_OPT_DEF_LUKS_IVGEN_ALG(""),
145 BLOCK_CRYPTO_OPT_DEF_LUKS_IVGEN_HASH_ALG(""),
146 BLOCK_CRYPTO_OPT_DEF_LUKS_HASH_ALG(""),
147 BLOCK_CRYPTO_OPT_DEF_LUKS_ITER_TIME(""),
148 { /* end of list */ }
153 QCryptoBlockOpenOptions
*
154 block_crypto_open_opts_init(QDict
*opts
, Error
**errp
)
157 QCryptoBlockOpenOptions
*ret
;
159 v
= qobject_input_visitor_new_flat_confused(opts
, errp
);
164 visit_type_QCryptoBlockOpenOptions(v
, NULL
, &ret
, errp
);
171 QCryptoBlockCreateOptions
*
172 block_crypto_create_opts_init(QDict
*opts
, Error
**errp
)
175 QCryptoBlockCreateOptions
*ret
;
177 v
= qobject_input_visitor_new_flat_confused(opts
, errp
);
182 visit_type_QCryptoBlockCreateOptions(v
, NULL
, &ret
, errp
);
189 static int block_crypto_open_generic(QCryptoBlockFormat format
,
190 QemuOptsList
*opts_spec
,
191 BlockDriverState
*bs
,
196 BlockCrypto
*crypto
= bs
->opaque
;
197 QemuOpts
*opts
= NULL
;
198 Error
*local_err
= NULL
;
200 QCryptoBlockOpenOptions
*open_opts
= NULL
;
201 unsigned int cflags
= 0;
202 QDict
*cryptoopts
= NULL
;
204 bs
->file
= bdrv_open_child(NULL
, options
, "file", bs
, &child_file
,
210 bs
->supported_write_flags
= BDRV_REQ_FUA
&
211 bs
->file
->bs
->supported_write_flags
;
213 opts
= qemu_opts_create(opts_spec
, NULL
, 0, &error_abort
);
214 qemu_opts_absorb_qdict(opts
, options
, &local_err
);
216 error_propagate(errp
, local_err
);
220 cryptoopts
= qemu_opts_to_qdict(opts
, NULL
);
221 qdict_put_str(cryptoopts
, "format", QCryptoBlockFormat_str(format
));
223 open_opts
= block_crypto_open_opts_init(cryptoopts
, errp
);
228 if (flags
& BDRV_O_NO_IO
) {
229 cflags
|= QCRYPTO_BLOCK_OPEN_NO_IO
;
231 crypto
->block
= qcrypto_block_open(open_opts
, NULL
,
232 block_crypto_read_func
,
238 if (!crypto
->block
) {
243 bs
->encrypted
= true;
247 qobject_unref(cryptoopts
);
248 qapi_free_QCryptoBlockOpenOptions(open_opts
);
253 static int block_crypto_co_create_generic(BlockDriverState
*bs
,
255 QCryptoBlockCreateOptions
*opts
,
256 PreallocMode prealloc
,
261 QCryptoBlock
*crypto
= NULL
;
262 struct BlockCryptoCreateData data
;
264 blk
= blk_new(bdrv_get_aio_context(bs
),
265 BLK_PERM_WRITE
| BLK_PERM_RESIZE
, BLK_PERM_ALL
);
267 ret
= blk_insert_bs(blk
, bs
, errp
);
272 if (prealloc
== PREALLOC_MODE_METADATA
) {
273 prealloc
= PREALLOC_MODE_OFF
;
276 data
= (struct BlockCryptoCreateData
) {
279 .prealloc
= prealloc
,
282 crypto
= qcrypto_block_create(opts
, NULL
,
283 block_crypto_init_func
,
284 block_crypto_write_func
,
295 qcrypto_block_free(crypto
);
300 static int coroutine_fn
301 block_crypto_co_truncate(BlockDriverState
*bs
, int64_t offset
, bool exact
,
302 PreallocMode prealloc
, Error
**errp
)
304 BlockCrypto
*crypto
= bs
->opaque
;
305 uint64_t payload_offset
=
306 qcrypto_block_get_payload_offset(crypto
->block
);
308 if (payload_offset
> INT64_MAX
- offset
) {
309 error_setg(errp
, "The requested file size is too large");
313 offset
+= payload_offset
;
315 return bdrv_co_truncate(bs
->file
, offset
, exact
, prealloc
, errp
);
318 static void block_crypto_close(BlockDriverState
*bs
)
320 BlockCrypto
*crypto
= bs
->opaque
;
321 qcrypto_block_free(crypto
->block
);
324 static int block_crypto_reopen_prepare(BDRVReopenState
*state
,
325 BlockReopenQueue
*queue
, Error
**errp
)
327 /* nothing needs checking */
332 * 1 MB bounce buffer gives good performance / memory tradeoff
333 * when using cache=none|directsync.
335 #define BLOCK_CRYPTO_MAX_IO_SIZE (1024 * 1024)
337 static coroutine_fn
int
338 block_crypto_co_preadv(BlockDriverState
*bs
, uint64_t offset
, uint64_t bytes
,
339 QEMUIOVector
*qiov
, int flags
)
341 BlockCrypto
*crypto
= bs
->opaque
;
342 uint64_t cur_bytes
; /* number of bytes in current iteration */
343 uint64_t bytes_done
= 0;
344 uint8_t *cipher_data
= NULL
;
345 QEMUIOVector hd_qiov
;
347 uint64_t sector_size
= qcrypto_block_get_sector_size(crypto
->block
);
348 uint64_t payload_offset
= qcrypto_block_get_payload_offset(crypto
->block
);
351 assert(payload_offset
< INT64_MAX
);
352 assert(QEMU_IS_ALIGNED(offset
, sector_size
));
353 assert(QEMU_IS_ALIGNED(bytes
, sector_size
));
355 qemu_iovec_init(&hd_qiov
, qiov
->niov
);
357 /* Bounce buffer because we don't wish to expose cipher text
358 * in qiov which points to guest memory.
361 qemu_try_blockalign(bs
->file
->bs
, MIN(BLOCK_CRYPTO_MAX_IO_SIZE
,
363 if (cipher_data
== NULL
) {
369 cur_bytes
= MIN(bytes
, BLOCK_CRYPTO_MAX_IO_SIZE
);
371 qemu_iovec_reset(&hd_qiov
);
372 qemu_iovec_add(&hd_qiov
, cipher_data
, cur_bytes
);
374 ret
= bdrv_co_preadv(bs
->file
, payload_offset
+ offset
+ bytes_done
,
375 cur_bytes
, &hd_qiov
, 0);
380 if (qcrypto_block_decrypt(crypto
->block
, offset
+ bytes_done
,
381 cipher_data
, cur_bytes
, NULL
) < 0) {
386 qemu_iovec_from_buf(qiov
, bytes_done
, cipher_data
, cur_bytes
);
389 bytes_done
+= cur_bytes
;
393 qemu_iovec_destroy(&hd_qiov
);
394 qemu_vfree(cipher_data
);
400 static coroutine_fn
int
401 block_crypto_co_pwritev(BlockDriverState
*bs
, uint64_t offset
, uint64_t bytes
,
402 QEMUIOVector
*qiov
, int flags
)
404 BlockCrypto
*crypto
= bs
->opaque
;
405 uint64_t cur_bytes
; /* number of bytes in current iteration */
406 uint64_t bytes_done
= 0;
407 uint8_t *cipher_data
= NULL
;
408 QEMUIOVector hd_qiov
;
410 uint64_t sector_size
= qcrypto_block_get_sector_size(crypto
->block
);
411 uint64_t payload_offset
= qcrypto_block_get_payload_offset(crypto
->block
);
413 assert(!(flags
& ~BDRV_REQ_FUA
));
414 assert(payload_offset
< INT64_MAX
);
415 assert(QEMU_IS_ALIGNED(offset
, sector_size
));
416 assert(QEMU_IS_ALIGNED(bytes
, sector_size
));
418 qemu_iovec_init(&hd_qiov
, qiov
->niov
);
420 /* Bounce buffer because we're not permitted to touch
421 * contents of qiov - it points to guest memory.
424 qemu_try_blockalign(bs
->file
->bs
, MIN(BLOCK_CRYPTO_MAX_IO_SIZE
,
426 if (cipher_data
== NULL
) {
432 cur_bytes
= MIN(bytes
, BLOCK_CRYPTO_MAX_IO_SIZE
);
434 qemu_iovec_to_buf(qiov
, bytes_done
, cipher_data
, cur_bytes
);
436 if (qcrypto_block_encrypt(crypto
->block
, offset
+ bytes_done
,
437 cipher_data
, cur_bytes
, NULL
) < 0) {
442 qemu_iovec_reset(&hd_qiov
);
443 qemu_iovec_add(&hd_qiov
, cipher_data
, cur_bytes
);
445 ret
= bdrv_co_pwritev(bs
->file
, payload_offset
+ offset
+ bytes_done
,
446 cur_bytes
, &hd_qiov
, flags
);
452 bytes_done
+= cur_bytes
;
456 qemu_iovec_destroy(&hd_qiov
);
457 qemu_vfree(cipher_data
);
462 static void block_crypto_refresh_limits(BlockDriverState
*bs
, Error
**errp
)
464 BlockCrypto
*crypto
= bs
->opaque
;
465 uint64_t sector_size
= qcrypto_block_get_sector_size(crypto
->block
);
466 bs
->bl
.request_alignment
= sector_size
; /* No sub-sector I/O */
470 static int64_t block_crypto_getlength(BlockDriverState
*bs
)
472 BlockCrypto
*crypto
= bs
->opaque
;
473 int64_t len
= bdrv_getlength(bs
->file
->bs
);
475 uint64_t offset
= qcrypto_block_get_payload_offset(crypto
->block
);
476 assert(offset
< INT64_MAX
);
488 static BlockMeasureInfo
*block_crypto_measure(QemuOpts
*opts
,
489 BlockDriverState
*in_bs
,
492 g_autoptr(QCryptoBlockCreateOptions
) create_opts
= NULL
;
493 Error
*local_err
= NULL
;
494 BlockMeasureInfo
*info
;
496 size_t luks_payload_size
;
500 * Preallocation mode doesn't affect size requirements but we must consume
503 g_free(qemu_opt_get_del(opts
, BLOCK_OPT_PREALLOC
));
505 size
= qemu_opt_get_size_del(opts
, BLOCK_OPT_SIZE
, 0);
508 int64_t ssize
= bdrv_getlength(in_bs
);
511 error_setg_errno(&local_err
, -ssize
,
512 "Unable to get image virtual_size");
519 cryptoopts
= qemu_opts_to_qdict_filtered(opts
, NULL
,
520 &block_crypto_create_opts_luks
, true);
521 qdict_put_str(cryptoopts
, "format", "luks");
522 create_opts
= block_crypto_create_opts_init(cryptoopts
, &local_err
);
523 qobject_unref(cryptoopts
);
528 if (!qcrypto_block_calculate_payload_offset(create_opts
, NULL
,
535 * Unallocated blocks are still encrypted so allocation status makes no
536 * difference to the file size.
538 info
= g_new(BlockMeasureInfo
, 1);
539 info
->fully_allocated
= luks_payload_size
+ size
;
540 info
->required
= luks_payload_size
+ size
;
544 error_propagate(errp
, local_err
);
549 static int block_crypto_probe_luks(const uint8_t *buf
,
551 const char *filename
) {
552 return block_crypto_probe_generic(Q_CRYPTO_BLOCK_FORMAT_LUKS
,
553 buf
, buf_size
, filename
);
556 static int block_crypto_open_luks(BlockDriverState
*bs
,
561 return block_crypto_open_generic(Q_CRYPTO_BLOCK_FORMAT_LUKS
,
562 &block_crypto_runtime_opts_luks
,
563 bs
, options
, flags
, errp
);
566 static int coroutine_fn
567 block_crypto_co_create_luks(BlockdevCreateOptions
*create_options
, Error
**errp
)
569 BlockdevCreateOptionsLUKS
*luks_opts
;
570 BlockDriverState
*bs
= NULL
;
571 QCryptoBlockCreateOptions create_opts
;
572 PreallocMode preallocation
= PREALLOC_MODE_OFF
;
575 assert(create_options
->driver
== BLOCKDEV_DRIVER_LUKS
);
576 luks_opts
= &create_options
->u
.luks
;
578 bs
= bdrv_open_blockdev_ref(luks_opts
->file
, errp
);
583 create_opts
= (QCryptoBlockCreateOptions
) {
584 .format
= Q_CRYPTO_BLOCK_FORMAT_LUKS
,
585 .u
.luks
= *qapi_BlockdevCreateOptionsLUKS_base(luks_opts
),
588 if (luks_opts
->has_preallocation
) {
589 preallocation
= luks_opts
->preallocation
;
592 ret
= block_crypto_co_create_generic(bs
, luks_opts
->size
, &create_opts
,
593 preallocation
, errp
);
604 static int coroutine_fn
block_crypto_co_create_opts_luks(const char *filename
,
608 QCryptoBlockCreateOptions
*create_opts
= NULL
;
609 BlockDriverState
*bs
= NULL
;
611 PreallocMode prealloc
;
615 Error
*local_err
= NULL
;
618 size
= qemu_opt_get_size_del(opts
, BLOCK_OPT_SIZE
, 0);
620 buf
= qemu_opt_get_del(opts
, BLOCK_OPT_PREALLOC
);
621 prealloc
= qapi_enum_parse(&PreallocMode_lookup
, buf
,
622 PREALLOC_MODE_OFF
, &local_err
);
625 error_propagate(errp
, local_err
);
629 cryptoopts
= qemu_opts_to_qdict_filtered(opts
, NULL
,
630 &block_crypto_create_opts_luks
,
633 qdict_put_str(cryptoopts
, "format", "luks");
634 create_opts
= block_crypto_create_opts_init(cryptoopts
, errp
);
640 /* Create protocol layer */
641 ret
= bdrv_create_file(filename
, opts
, errp
);
646 bs
= bdrv_open(filename
, NULL
, NULL
,
647 BDRV_O_RDWR
| BDRV_O_RESIZE
| BDRV_O_PROTOCOL
, errp
);
653 /* Create format layer */
654 ret
= block_crypto_co_create_generic(bs
, size
, create_opts
, prealloc
, errp
);
662 * If an error occurred, delete 'filename'. Even if the file existed
663 * beforehand, it has been truncated and corrupted in the process.
666 Error
*local_delete_err
= NULL
;
667 int r_del
= bdrv_co_delete_file(bs
, &local_delete_err
);
669 * ENOTSUP will happen if the block driver doesn't support
670 * the 'bdrv_co_delete_file' interface. This is a predictable
671 * scenario and shouldn't be reported back to the user.
673 if ((r_del
< 0) && (r_del
!= -ENOTSUP
)) {
674 error_report_err(local_delete_err
);
679 qapi_free_QCryptoBlockCreateOptions(create_opts
);
680 qobject_unref(cryptoopts
);
684 static int block_crypto_get_info_luks(BlockDriverState
*bs
,
685 BlockDriverInfo
*bdi
)
687 BlockDriverInfo subbdi
;
690 ret
= bdrv_get_info(bs
->file
->bs
, &subbdi
);
695 bdi
->unallocated_blocks_are_zero
= false;
696 bdi
->cluster_size
= subbdi
.cluster_size
;
701 static ImageInfoSpecific
*
702 block_crypto_get_specific_info_luks(BlockDriverState
*bs
, Error
**errp
)
704 BlockCrypto
*crypto
= bs
->opaque
;
705 ImageInfoSpecific
*spec_info
;
706 QCryptoBlockInfo
*info
;
708 info
= qcrypto_block_get_info(crypto
->block
, errp
);
712 assert(info
->format
== Q_CRYPTO_BLOCK_FORMAT_LUKS
);
714 spec_info
= g_new(ImageInfoSpecific
, 1);
715 spec_info
->type
= IMAGE_INFO_SPECIFIC_KIND_LUKS
;
716 spec_info
->u
.luks
.data
= g_new(QCryptoBlockInfoLUKS
, 1);
717 *spec_info
->u
.luks
.data
= info
->u
.luks
;
719 /* Blank out pointers we've just stolen to avoid double free */
720 memset(&info
->u
.luks
, 0, sizeof(info
->u
.luks
));
722 qapi_free_QCryptoBlockInfo(info
);
727 static const char *const block_crypto_strong_runtime_opts
[] = {
728 BLOCK_CRYPTO_OPT_LUKS_KEY_SECRET
,
733 static BlockDriver bdrv_crypto_luks
= {
734 .format_name
= "luks",
735 .instance_size
= sizeof(BlockCrypto
),
736 .bdrv_probe
= block_crypto_probe_luks
,
737 .bdrv_open
= block_crypto_open_luks
,
738 .bdrv_close
= block_crypto_close
,
739 /* This driver doesn't modify LUKS metadata except when creating image.
740 * Allow share-rw=on as a special case. */
741 .bdrv_child_perm
= bdrv_filter_default_perms
,
742 .bdrv_co_create
= block_crypto_co_create_luks
,
743 .bdrv_co_create_opts
= block_crypto_co_create_opts_luks
,
744 .bdrv_co_truncate
= block_crypto_co_truncate
,
745 .create_opts
= &block_crypto_create_opts_luks
,
747 .bdrv_reopen_prepare
= block_crypto_reopen_prepare
,
748 .bdrv_refresh_limits
= block_crypto_refresh_limits
,
749 .bdrv_co_preadv
= block_crypto_co_preadv
,
750 .bdrv_co_pwritev
= block_crypto_co_pwritev
,
751 .bdrv_getlength
= block_crypto_getlength
,
752 .bdrv_measure
= block_crypto_measure
,
753 .bdrv_get_info
= block_crypto_get_info_luks
,
754 .bdrv_get_specific_info
= block_crypto_get_specific_info_luks
,
756 .strong_runtime_opts
= block_crypto_strong_runtime_opts
,
759 static void block_crypto_init(void)
761 bdrv_register(&bdrv_crypto_luks
);
764 block_init(block_crypto_init
);