6:16 a.m.
On 08/21/2018 06:23 PM, John Ferlan wrote:
https://bugzilla.redhat.com/show_bug.cgi?id=1613737
When processing the inputvol for encryption, we need to handle
the case where the inputvol is encrypted. This then allows for
the encrypted inputvol to be used either for an output encrypted
volume or an output volume of some XML provided type.
Add tests to show the various conversion options when either input
or output is encrypted. This includes when both are encrypted.
Signed-off-by: John Ferlan <jferlan(a)redhat.com>
---
src/storage/storage_util.c | 62 ++++++++++++++++---
src/storage/storage_util.h | 1 +
.../luks-convert-encrypt.argv | 11 ++++
.../luks-convert-encrypt2fileqcow2.argv | 7 +++
.../luks-convert-encrypt2fileraw.argv | 7 +++
tests/storagevolxml2argvtest.c | 15 ++++-
tests/storagevolxml2xmlin/vol-encrypt1.xml | 21 +++++++
tests/storagevolxml2xmlin/vol-encrypt2.xml | 21 +++++++
8 files changed, 137 insertions(+), 8 deletions(-)
create mode 100644 tests/storagevolxml2argvdata/luks-convert-encrypt.argv
create mode 100644 tests/storagevolxml2argvdata/luks-convert-encrypt2fileqcow2.argv
create mode 100644 tests/storagevolxml2argvdata/luks-convert-encrypt2fileraw.argv
create mode 100644 tests/storagevolxml2xmlin/vol-encrypt1.xml
create mode 100644 tests/storagevolxml2xmlin/vol-encrypt2.xml
diff --git a/src/storage/storage_util.c b/src/storage/storage_util.c
index cc49a5b9f7..3c1e875b27 100644
--- a/src/storage/storage_util.c
+++ b/src/storage/storage_util.c
@@ -1084,6 +1084,7 @@ virStorageBackendCreateQemuImgCmdFromVol(virStoragePoolObjPtr
pool,
unsigned int flags,
const char *create_tool,
const char *secretPath,
+ const char *inputSecretPath,
virStorageVolEncryptConvertStep convertStep)
{
virCommandPtr cmd = NULL;
@@ -1101,6 +1102,8 @@ virStorageBackendCreateQemuImgCmdFromVol(virStoragePoolObjPtr
pool,
.secretAlias = NULL,
};
virStorageEncryptionPtr enc = vol->target.encryption;
+ char *inputSecretAlias = NULL;
+ virStorageEncryptionPtr inputenc = inputvol ? inputvol->target.encryption :
NULL;
virStorageEncryptionInfoDefPtr encinfo = NULL;
virCheckFlags(VIR_STORAGE_VOL_CREATE_PREALLOC_METADATA, NULL);
@@ -1114,6 +1117,12 @@ virStorageBackendCreateQemuImgCmdFromVol(virStoragePoolObjPtr
pool,
goto error;
}
+ if (inputenc && inputenc->format != VIR_STORAGE_ENCRYPTION_FORMAT_LUKS)
{
+ virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
+ _("encryption format of inputvol must be LUKS"));
+ goto error;
+ }
+
if (virStorageBackendCreateQemuImgSetInfo(pool, vol, inputvol,
convertStep, &info) < 0)
goto error;
@@ -1153,6 +1162,20 @@ virStorageBackendCreateQemuImgCmdFromVol(virStoragePoolObjPtr
pool,
encinfo = &enc->encinfo;
}
+ if (inputenc && convertStep == VIR_STORAGE_VOL_ENCRYPT_CONVERT) {
+ if (!inputSecretPath) {
+ virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
+ _("path to inputvol secret data file is
required"));
+ goto error;
+ }
+ if (virAsprintf(&inputSecretAlias, "%s_encrypt0",
+ inputvol->name) < 0)
+ goto error;
+ if (storageBackendCreateQemuImgSecretObject(cmd, inputSecretPath,
+ inputSecretAlias) < 0)
+ goto error;
+ }
+
if (convertStep != VIR_STORAGE_VOL_ENCRYPT_CONVERT) {
if (storageBackendCreateQemuImgSetOptions(cmd, encinfo, info) < 0)
goto error;
@@ -1163,19 +1186,32 @@ virStorageBackendCreateQemuImgCmdFromVol(virStoragePoolObjPtr
pool,
virCommandAddArgFormat(cmd, "%lluK", info.size_arg);
} else {
/* source */
- virCommandAddArgFormat(cmd, "driver=%s,file.filename=%s",
- info.inputType, info.inputPath);
+ if (inputenc)
+ virCommandAddArgFormat(cmd,
+
"driver=luks,file.filename=%s,key-secret=%s",
+ info.inputPath, inputSecretAlias);
+ else
+ virCommandAddArgFormat(cmd, "driver=%s,file.filename=%s",
+ info.inputType, info.inputPath);
/* dest */
- virCommandAddArgFormat(cmd,
"driver=%s,file.filename=%s,key-secret=%s",
- info.type, info.path, info.secretAlias);
+ if (enc)
+ virCommandAddArgFormat(cmd,
+
"driver=%s,file.filename=%s,key-secret=%s",
+ info.type, info.path, info.secretAlias);
+ else
+ virCommandAddArgFormat(cmd, "driver=%s,file.filename=%s",
+ info.type, info.path);
+
Same comment here as in previous patch.
Michal