1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27#include "qemu/osdep.h"
28#include "qapi/error.h"
29
30#include "crypto/block-qcow.h"
31#include "crypto/secret.h"
32
33#define QCRYPTO_BLOCK_QCOW_SECTOR_SIZE 512
34
35
36static bool
37qcrypto_block_qcow_has_format(const uint8_t *buf G_GNUC_UNUSED,
38 size_t buf_size G_GNUC_UNUSED)
39{
40 return false;
41}
42
43
44static int
45qcrypto_block_qcow_init(QCryptoBlock *block,
46 const char *keysecret,
47 Error **errp)
48{
49 char *password;
50 int ret;
51 uint8_t keybuf[16];
52 int len;
53
54 memset(keybuf, 0, 16);
55
56 password = qcrypto_secret_lookup_as_utf8(keysecret, errp);
57 if (!password) {
58 return -1;
59 }
60
61 len = strlen(password);
62 memcpy(keybuf, password, MIN(len, sizeof(keybuf)));
63 g_free(password);
64
65 block->niv = qcrypto_cipher_get_iv_len(QCRYPTO_CIPHER_ALG_AES_128,
66 QCRYPTO_CIPHER_MODE_CBC);
67 block->ivgen = qcrypto_ivgen_new(QCRYPTO_IVGEN_ALG_PLAIN64,
68 0, 0, NULL, 0, errp);
69 if (!block->ivgen) {
70 ret = -ENOTSUP;
71 goto fail;
72 }
73
74 block->cipher = qcrypto_cipher_new(QCRYPTO_CIPHER_ALG_AES_128,
75 QCRYPTO_CIPHER_MODE_CBC,
76 keybuf, G_N_ELEMENTS(keybuf),
77 errp);
78 if (!block->cipher) {
79 ret = -ENOTSUP;
80 goto fail;
81 }
82
83 block->payload_offset = 0;
84
85 return 0;
86
87 fail:
88 qcrypto_cipher_free(block->cipher);
89 qcrypto_ivgen_free(block->ivgen);
90 return ret;
91}
92
93
94static int
95qcrypto_block_qcow_open(QCryptoBlock *block,
96 QCryptoBlockOpenOptions *options,
97 QCryptoBlockReadFunc readfunc G_GNUC_UNUSED,
98 void *opaque G_GNUC_UNUSED,
99 unsigned int flags,
100 Error **errp)
101{
102 if (flags & QCRYPTO_BLOCK_OPEN_NO_IO) {
103 return 0;
104 } else {
105 if (!options->u.qcow.key_secret) {
106 error_setg(errp,
107 "Parameter 'key-secret' is required for cipher");
108 return -1;
109 }
110 return qcrypto_block_qcow_init(block,
111 options->u.qcow.key_secret, errp);
112 }
113}
114
115
116static int
117qcrypto_block_qcow_create(QCryptoBlock *block,
118 QCryptoBlockCreateOptions *options,
119 QCryptoBlockInitFunc initfunc G_GNUC_UNUSED,
120 QCryptoBlockWriteFunc writefunc G_GNUC_UNUSED,
121 void *opaque G_GNUC_UNUSED,
122 Error **errp)
123{
124 if (!options->u.qcow.key_secret) {
125 error_setg(errp, "Parameter 'key-secret' is required for cipher");
126 return -1;
127 }
128
129 return qcrypto_block_qcow_init(block, options->u.qcow.key_secret, errp);
130}
131
132
133static void
134qcrypto_block_qcow_cleanup(QCryptoBlock *block)
135{
136}
137
138
139static int
140qcrypto_block_qcow_decrypt(QCryptoBlock *block,
141 uint64_t startsector,
142 uint8_t *buf,
143 size_t len,
144 Error **errp)
145{
146 return qcrypto_block_decrypt_helper(block->cipher,
147 block->niv, block->ivgen,
148 QCRYPTO_BLOCK_QCOW_SECTOR_SIZE,
149 startsector, buf, len, errp);
150}
151
152
153static int
154qcrypto_block_qcow_encrypt(QCryptoBlock *block,
155 uint64_t startsector,
156 uint8_t *buf,
157 size_t len,
158 Error **errp)
159{
160 return qcrypto_block_encrypt_helper(block->cipher,
161 block->niv, block->ivgen,
162 QCRYPTO_BLOCK_QCOW_SECTOR_SIZE,
163 startsector, buf, len, errp);
164}
165
166
167const QCryptoBlockDriver qcrypto_block_driver_qcow = {
168 .open = qcrypto_block_qcow_open,
169 .create = qcrypto_block_qcow_create,
170 .cleanup = qcrypto_block_qcow_cleanup,
171 .decrypt = qcrypto_block_qcow_decrypt,
172 .encrypt = qcrypto_block_qcow_encrypt,
173 .has_format = qcrypto_block_qcow_has_format,
174};
175