[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Qemu-devel] [PATCH 03/13] qcrypto-luks: refactoring: extract load/s
|
From: |
Daniel P . Berrangé |
|
Subject: |
Re: [Qemu-devel] [PATCH 03/13] qcrypto-luks: refactoring: extract load/store/check/parse header functions |
|
Date: |
Thu, 22 Aug 2019 11:38:10 +0100 |
|
User-agent: |
Mutt/1.12.0 (2019-05-25) |
On Wed, Aug 14, 2019 at 11:22:09PM +0300, Maxim Levitsky wrote:
> With upcoming key management, the header will
> need to be stored after the image is created.
>
> Extracting load header isn't strictly needed, but
> do this anyway for the symmetry.
>
> Also I extracted a function that does basic sanity
> checks on the just read header, and a function
> which parses all the crypto format to make the
> code a bit more readable, plus now the code
> doesn't destruct the in-header cipher-mode string,
> so that the header now can be stored many times,
> which is needed for the key management.
>
> Also this allows to contain the endianess conversions
> in these functions alone
>
> The header is no longer endian swapped in place,
> to prevent (mostly theoretical races I think)
> races where someone could see the header in the
> process of beeing byteswapped.
>
> Signed-off-by: Maxim Levitsky <address@hidden>
> ---
> crypto/block-luks.c | 756 ++++++++++++++++++++++++++------------------
> 1 file changed, 440 insertions(+), 316 deletions(-)
> if (!(flags & QCRYPTO_BLOCK_OPEN_NO_IO)) {
> /* Try to find which key slot our password is valid for
> * and unlock the master key from that slot.
> */
> -
> masterkey = g_new0(uint8_t, masterkeylen(luks));
>
> if (qcrypto_block_luks_find_key(block,
> @@ -845,12 +1132,10 @@ qcrypto_block_luks_open(QCryptoBlock *block,
> }
>
> block->sector_size = QCRYPTO_BLOCK_LUKS_SECTOR_SIZE;
> - block->payload_offset = luks->header.payload_offset *
> - block->sector_size;
> + block->payload_offset = luks->header.payload_offset * block->sector_size;
>
> g_free(masterkey);
> g_free(password);
> -
> return 0;
Smoe unrelated whitespace changes here.
> + /* populate the slot 0 with the password encrypted master key*/
> + /* This will also store the header */
> + if (qcrypto_block_luks_store_key(block,
> + 0,
> + password,
> + masterkey,
> + luks_opts.iter_time,
> + writefunc,
> + opaque,
> + errp)) {
> goto error;
> - }
> + }
Indent is off by 1
Regards,
Daniel
--
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|
- Re: [Qemu-devel] [PATCH 07/13] block: add manage-encryption command (qmp and blockdev), (continued)
[Qemu-devel] [PATCH 03/13] qcrypto-luks: refactoring: extract load/store/check/parse header functions, Maxim Levitsky, 2019/08/14
Re: [Qemu-devel] [PATCH 03/13] qcrypto-luks: refactoring: extract load/store/check/parse header functions,
Daniel P . Berrangé <=
[Qemu-devel] [PATCH 06/13] qcrypto-luks: implement more rigorous header checking, Maxim Levitsky, 2019/08/14
[Qemu-devel] [PATCH 08/13] qcrypto: add the plumbing for encryption management, Maxim Levitsky, 2019/08/14