Instead of passing the encryption format name and the QemuOpts down, use
the QCryptoBlockCreateOptions contained in BlockdevCreateOptions.
Signed-off-by: Kevin Wolf
Reviewed-by: Eric Blake
---
block/qcow2.c | 62 +++
1 file changed, 45 insertions(+), 17 deletions(-)
diff --git a/block/qcow2.c b/block/qcow2.c
index 30f5fbcc37..3f08cff1fa 100644
--- a/block/qcow2.c
+++ b/block/qcow2.c
@@ -2387,13 +2387,10 @@ static int qcow2_crypt_method_from_format(const char
*encryptfmt)
}
}
-static int qcow2_set_up_encryption(BlockDriverState *bs, const char
*encryptfmt,
- QemuOpts *opts, Error **errp)
+static QCryptoBlockCreateOptions *
+qcow2_parse_encryption(const char *encryptfmt, QemuOpts *opts, Error **errp)
{
-BDRVQcow2State *s = bs->opaque;
QCryptoBlockCreateOptions *cryptoopts = NULL;
-QCryptoBlock *crypto = NULL;
-int ret = -EINVAL;
QDict *options, *encryptopts;
int fmt;
@@ -2416,10 +2413,31 @@ static int qcow2_set_up_encryption(BlockDriverState
*bs, const char *encryptfmt,
error_setg(errp, "Unknown encryption format '%s'", encryptfmt);
break;
}
-if (!cryptoopts) {
-ret = -EINVAL;
-goto out;
+
+QDECREF(encryptopts);
+return cryptoopts;
+}
+
+static int qcow2_set_up_encryption(BlockDriverState *bs,
+ QCryptoBlockCreateOptions *cryptoopts,
+ Error **errp)
+{
+BDRVQcow2State *s = bs->opaque;
+QCryptoBlock *crypto = NULL;
+int fmt, ret;
+
+switch (cryptoopts->format) {
+case Q_CRYPTO_BLOCK_FORMAT_LUKS:
+fmt = QCOW_CRYPT_LUKS;
+break;
+case Q_CRYPTO_BLOCK_FORMAT_QCOW:
+fmt = QCOW_CRYPT_AES;
+break;
+default:
+error_setg(errp, "Crypto format not supported in qcow2");
+return -EINVAL;
}
+
s->crypt_method_header = fmt;
crypto = qcrypto_block_create(cryptoopts, "encrypt.",
@@ -2427,8 +2445,7 @@ static int qcow2_set_up_encryption(BlockDriverState *bs,
const char *encryptfmt,
qcow2_crypto_hdr_write_func,
bs, errp);
if (!crypto) {
-ret = -EINVAL;
-goto out;
+return -EINVAL;
}
ret = qcow2_update_header(bs);
@@ -2437,10 +2454,9 @@ static int qcow2_set_up_encryption(BlockDriverState *bs,
const char *encryptfmt,
goto out;
}
+ret = 0;
out:
-QDECREF(encryptopts);
qcrypto_block_free(crypto);
-qapi_free_QCryptoBlockCreateOptions(cryptoopts);
return ret;
}
@@ -2705,8 +2721,7 @@ static uint64_t qcow2_opt_get_refcount_bits_del(QemuOpts
*opts, int version,
return refcount_bits;
}
-static int qcow2_create2(BlockdevCreateOptions *create_options,
- QemuOpts *opts, const char *encryptfmt, Error **errp)
+static int qcow2_create2(BlockdevCreateOptions *create_options, Error **errp)
{
BlockdevCreateOptionsQcow2 *qcow2_opts;
QDict *options;
@@ -2936,8 +2951,8 @@ static int qcow2_create2(BlockdevCreateOptions
*create_options,
}
/* Want encryption? There you go. */
-if (encryptfmt) {
-ret = qcow2_set_up_encryption(blk_bs(blk), encryptfmt, opts, errp);
+if (qcow2_opts->has_encrypt) {
+ret = qcow2_set_up_encryption(blk_bs(blk), qcow2_opts->encrypt, errp);
if (ret < 0) {
goto out;
}
@@ -2994,6 +3009,7 @@ static int qcow2_create(const char *filename, QemuOpts
*opts, Error **errp)
int version;
uint64_t refcount_bits;
char *encryptfmt = NULL;
+QCryptoBlockCreateOptions *cryptoopts = NULL;
BlockDriverState *bs = NULL;
Error *local_err = NULL;
int ret;
@@ -3010,6 +3026,7 @@ static int qcow2_create(const char *filename, QemuOpts
*opts, Error **errp)
ret = -EINVAL;
goto finish;
}
+
encryptfmt = qemu_opt_get_del(opts, BLOCK_OPT_ENCRYPT_FORMAT);
if (encryptfmt) {
if (qemu_opt_get(opts, BLOCK_OPT_ENCRYPT)) {
@@ -3021,6 +3038,14 @@ static int qcow2_create(const char *filename, QemuOpts
*opts, Error **errp)
} else if (qemu_opt_get_bool_del(opts, BLOCK_OPT_ENCRYPT, false)) {
encryptfmt = g_strdup("aes");
}
+if (encryptfmt) {
+cryptoopts = qcow2_parse_encryption(encryptfmt, opts, errp);
+if (cryptoopts == NULL) {
+ret = -EINVAL;
+goto finish;
+}
+}
+
cluster_size = qcow2_opt_get_cluster_size_del(opts, _err);
if (local_err) {
error_propagate(errp, local_err);
@@ -3094,6 +3119,8 @@ static int qcow2_create(const char *filename, QemuOpts
*opts, Error **errp)
.backing_file = backing_file,
.has_backing_fmt= (backing_fmt != NULL),
.backing_fmt= backing_drv,
+.has_encrypt=