On 06/07/2016 04:11 AM, Daniel P. Berrange wrote: > The qemu-img info command has the ability to expose format > specific metadata about volumes. Wire up this facility for > the LUKS driver to report on cipher configuration and key > slot usage. >
>
> One somewhat undesirable artifact is that the data fields are
> printed out in (apparantly) random order. This will be addressed
s/apparantly/apparently/
> later by changing the way the block layer pretty-prints the
> image specific data.
Ah, so your new visitor pretty-prints HMP, not JSON. Okay, then I get
to review it after all, and it is probably a good addition in parallel
to my JSON printer.
>
> Signed-off-by: Daniel P. Berrange <berra...@redhat.com>
> ---
> block/crypto.c | 80
> ++++++++++++++++++++++++++++++++++++++++++++++++++++
> qapi/block-core.json | 34 +++++++++++++++++++++-
> 2 files changed, 113 insertions(+), 1 deletion(-)
>
> +
> + spec_info = g_new(ImageInfoSpecific, 1);
> + spec_info->type = IMAGE_INFO_SPECIFIC_KIND_LUKS;
> + spec_info->u.luks.data = g_new(ImageInfoSpecificLUKS, 1);
> + spec_info->u.luks.data->cipher_alg = info->u.luks.cipher_alg;
> + spec_info->u.luks.data->cipher_mode = info->u.luks.cipher_mode;
> + spec_info->u.luks.data->ivgen_alg = info->u.luks.ivgen_alg;
> + spec_info->u.luks.data->has_ivgen_hash_alg =
> + info->u.luks.has_ivgen_hash_alg;
> + spec_info->u.luks.data->ivgen_hash_alg = info->u.luks.ivgen_hash_alg;
> + spec_info->u.luks.data->hash_alg = info->u.luks.hash_alg;
> + spec_info->u.luks.data->payload_offset = info->u.luks.payload_offset;
> + spec_info->u.luks.data->master_key_iters = info->u.luks.master_key_iters;
> + spec_info->u.luks.data->uuid = g_strdup(info->u.luks.uuid);
My clone visitor patches would help here.
> +++ b/qapi/block-core.json
> @@ -74,6 +74,37 @@
> 'extents': ['ImageInfo']
> } }
>
> +
> +{ 'struct': 'ImageInfoSpecificLUKSSlot',
> + 'data': {'active': 'bool',
> + 'iters': 'int',
> + 'stripes': 'int',
> + 'key-offset': 'int' } }
Missing documentation, but why do you need it, since it is identical to
QCryptoBlockInfoLUKSSlot in the previous patch?
> +
> +##
> +# @ImageInfoSpecificLUKS:
> +#
> +# @cipher-alg: the cipher algorithm for data encryption
> +# @cipher-mode: the cipher mode for data encryption
> +# @ivgen-alg: the initialization vector generator
> +# @ivgen-hash-alg: the initialization vector generator hash
> +# @hash-alg: the master key hash algorithm
> +#
Not all the members are documented, but isn't this identical to
QCryptoBlockInfoLUKS in the previous patch?
> +# Since: 2.7
> +##
> +{ 'struct': 'ImageInfoSpecificLUKS',
> + 'data': {
> + 'cipher-alg': 'QCryptoCipherAlgorithm',
> + 'cipher-mode': 'QCryptoCipherMode',
> + 'ivgen-alg': 'QCryptoIVGenAlgorithm',
> + '*ivgen-hash-alg': 'QCryptoHashAlgorithm',
> + 'hash-alg': 'QCryptoHashAlgorithm',
> + 'payload-offset': 'int',
> + 'master-key-iters': 'int',
> + 'uuid': 'str',
> + 'slots': [ 'ImageInfoSpecificLUKSSlot' ]
> + } }
> +
> ##
> # @ImageInfoSpecific:
> #
> @@ -85,7 +116,8 @@
> { 'union': 'ImageInfoSpecific',
> 'data': {
> 'qcow2': 'ImageInfoSpecificQCow2',
> - 'vmdk': 'ImageInfoSpecificVmdk'
> + 'vmdk': 'ImageInfoSpecificVmdk',
> + 'luks': 'ImageInfoSpecificLUKS'
I guess the difference is whether you are giving the info on a LUKS
image regardless of underlying storage, vs. on a qcow2 image with LUKS
encryption. Still, can't we reuse the type, rather than duplicate it?
--
Eric Blake eblake redhat com +1-919-301-3266
Libvirt virtualization library http://libvirt.org
signature.asc
Description: OpenPGP digital signature
