- LUKS support for detached headers

- Update x86 CPU model docs and script
  - Add missing close of chardev QIOChannel
  - More trace events o nTKS handshake
  - Drop unsafe VNC constants
  - Increase NOFILE limit during startup
 -----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCAAdFiEE2vOm/bJrYpEtDo4/vobrtBUQT98FAmXGMNUACgkQvobrtBUQ
 T998JQ//SqQ3L/AZmhE5cIwZ1XipSMMZ/yEoVIyniA3tL41S7Oimj3O9XvY68TEG
 nnj9Oh+zOlVLxauTHAczveJ7z+XfonQZS3HrbGRUTHU+ezGVjyM618e/h9pSQtYI
 +CCkrjtey1NoT42/um4D/bKg/B2XQeulS+pD12Z9l5zbqEZiw0R9+UwVIJ52G811
 5UQgIjJ7GNFzalxqiMCkGc0nTyU8keEXQJcdZ4droo42DnU4pZeQWGDimzP61JnW
 1Crm6aZSuUriUbVmxJde+2eEdPSR4rr/yQ4Pw06hoi1QJALSgGYtOTo8+qsyumHd
 us/2ouMrxOMdsIk4ViAkSTiaje9agPj84VE1Z229Y/uqZcEAuX572n730/kkzqUv
 ZDKxMz0v3rzpkjFmsgj5D4yqJaQp4zn1zYm98ld7HWJVIOf3GSvpaNg9J6jwN7Gi
 HKKkvYns9pxg3OSx++gqnM32HV6nnMDFiddipl/hTiUsnNlnWyTDSvJoNxIUU5+l
 /uEbbdt8xnxx1JP0LiOhgmz6N6FU7oOpaPuJ5CD8xO2RO8D1uBRvmpFcdOTDAfv0
 uYdjhKBI+quKjE64p7gNWYCoqZtipRIJ6AY2VaPU8XHx8GvGFwBLX64oLYiYtrBG
 gkv3NTHRkMhQw9cGQcZIgZ+OLU+1eNF+m9EV7LUjuKl0HWC3Vjs=
 =61zI
 -----END PGP SIGNATURE-----

Merge tag 'misc-fixes-pull-request' of https://gitlab.com/berrange/qemu into staging

 - LUKS support for detached headers
 - Update x86 CPU model docs and script
 - Add missing close of chardev QIOChannel
 - More trace events o nTKS handshake
 - Drop unsafe VNC constants
 - Increase NOFILE limit during startup

# -----BEGIN PGP SIGNATURE-----
#
# iQIzBAABCAAdFiEE2vOm/bJrYpEtDo4/vobrtBUQT98FAmXGMNUACgkQvobrtBUQ
# T998JQ//SqQ3L/AZmhE5cIwZ1XipSMMZ/yEoVIyniA3tL41S7Oimj3O9XvY68TEG
# nnj9Oh+zOlVLxauTHAczveJ7z+XfonQZS3HrbGRUTHU+ezGVjyM618e/h9pSQtYI
# +CCkrjtey1NoT42/um4D/bKg/B2XQeulS+pD12Z9l5zbqEZiw0R9+UwVIJ52G811
# 5UQgIjJ7GNFzalxqiMCkGc0nTyU8keEXQJcdZ4droo42DnU4pZeQWGDimzP61JnW
# 1Crm6aZSuUriUbVmxJde+2eEdPSR4rr/yQ4Pw06hoi1QJALSgGYtOTo8+qsyumHd
# us/2ouMrxOMdsIk4ViAkSTiaje9agPj84VE1Z229Y/uqZcEAuX572n730/kkzqUv
# ZDKxMz0v3rzpkjFmsgj5D4yqJaQp4zn1zYm98ld7HWJVIOf3GSvpaNg9J6jwN7Gi
# HKKkvYns9pxg3OSx++gqnM32HV6nnMDFiddipl/hTiUsnNlnWyTDSvJoNxIUU5+l
# /uEbbdt8xnxx1JP0LiOhgmz6N6FU7oOpaPuJ5CD8xO2RO8D1uBRvmpFcdOTDAfv0
# uYdjhKBI+quKjE64p7gNWYCoqZtipRIJ6AY2VaPU8XHx8GvGFwBLX64oLYiYtrBG
# gkv3NTHRkMhQw9cGQcZIgZ+OLU+1eNF+m9EV7LUjuKl0HWC3Vjs=
# =61zI
# -----END PGP SIGNATURE-----
# gpg: Signature made Fri 09 Feb 2024 14:04:05 GMT
# gpg:                using RSA key DAF3A6FDB26B62912D0E8E3FBE86EBB415104FDF
# gpg: Good signature from "Daniel P. Berrange <dan@berrange.com>" [full]
# gpg:                 aka "Daniel P. Berrange <berrange@redhat.com>" [full]
# Primary key fingerprint: DAF3 A6FD B26B 6291 2D0E  8E3F BE86 EBB4 1510 4FDF

* tag 'misc-fixes-pull-request' of https://gitlab.com/berrange/qemu:
  tests: Add case for LUKS volume with detached header
  crypto: Introduce 'detached-header' field in QCryptoBlockInfoLUKS
  block: Support detached LUKS header creation using qemu-img
  block: Support detached LUKS header creation using blockdev-create
  crypto: Modify the qcrypto_block_create to support creation flags
  qapi: Make parameter 'file' optional for BlockdevCreateOptionsLUKS
  crypto: Support LUKS volume with detached header
  io: add trace event when cancelling TLS handshake
  chardev: close QIOChannel before unref'ing
  docs: re-generate x86_64 ABI compatibility CSV
  docs: fix highlighting of CPU ABI header rows
  scripts: drop comment about autogenerated CPU API file
  softmmu: remove obsolete comment about libvirt timeouts
  ui: drop VNC feature _MASK constants
  qemu_init: increase NOFILE soft limit on POSIX
  crypto: Introduce SM4 symmetric cipher algorithm
  meson: sort C warning flags alphabetically

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
This commit is contained in:
Peter Maydell 2024-02-12 14:13:58 +00:00
commit 15dbbeaff3
33 changed files with 760 additions and 91 deletions

View File

@ -3402,6 +3402,11 @@ F: migration/dirtyrate.c
F: migration/dirtyrate.h
F: include/sysemu/dirtyrate.h
Detached LUKS header
M: Hyman Huang <yong.huang@smartx.com>
S: Maintained
F: tests/qemu-iotests/tests/luks-detached-header
D-Bus
M: Marc-André Lureau <marcandre.lureau@redhat.com>
S: Maintained

View File

@ -7357,7 +7357,10 @@ void bdrv_img_create(const char *filename, const char *fmt,
goto out;
}
if (size == -1) {
/* Parameter 'size' is not needed for detached LUKS header */
if (size == -1 &&
!(!strcmp(fmt, "luks") &&
qemu_opt_get_bool(opts, "detached-header", false))) {
error_setg(errp, "Image creation needs a size parameter");
goto out;
}

View File

@ -39,6 +39,7 @@ typedef struct BlockCrypto BlockCrypto;
struct BlockCrypto {
QCryptoBlock *block;
bool updating_keys;
BdrvChild *header; /* Reference to the detached LUKS header */
};
@ -63,12 +64,14 @@ static int block_crypto_read_func(QCryptoBlock *block,
Error **errp)
{
BlockDriverState *bs = opaque;
BlockCrypto *crypto = bs->opaque;
ssize_t ret;
GLOBAL_STATE_CODE();
GRAPH_RDLOCK_GUARD_MAINLOOP();
ret = bdrv_pread(bs->file, offset, buflen, buf, 0);
ret = bdrv_pread(crypto->header ? crypto->header : bs->file,
offset, buflen, buf, 0);
if (ret < 0) {
error_setg_errno(errp, -ret, "Could not read encryption header");
return ret;
@ -84,12 +87,14 @@ static int block_crypto_write_func(QCryptoBlock *block,
Error **errp)
{
BlockDriverState *bs = opaque;
BlockCrypto *crypto = bs->opaque;
ssize_t ret;
GLOBAL_STATE_CODE();
GRAPH_RDLOCK_GUARD_MAINLOOP();
ret = bdrv_pwrite(bs->file, offset, buflen, buf, 0);
ret = bdrv_pwrite(crypto->header ? crypto->header : bs->file,
offset, buflen, buf, 0);
if (ret < 0) {
error_setg_errno(errp, -ret, "Could not write encryption header");
return ret;
@ -157,6 +162,48 @@ error:
return ret;
}
static int coroutine_fn GRAPH_UNLOCKED
block_crypto_co_format_luks_payload(BlockdevCreateOptionsLUKS *luks_opts,
Error **errp)
{
BlockDriverState *bs = NULL;
BlockBackend *blk = NULL;
Error *local_error = NULL;
int ret;
if (luks_opts->size > INT64_MAX) {
return -EFBIG;
}
bs = bdrv_co_open_blockdev_ref(luks_opts->file, errp);
if (bs == NULL) {
return -EIO;
}
blk = blk_co_new_with_bs(bs, BLK_PERM_WRITE | BLK_PERM_RESIZE,
BLK_PERM_ALL, errp);
if (!blk) {
ret = -EPERM;
goto fail;
}
ret = blk_truncate(blk, luks_opts->size, true,
luks_opts->preallocation, 0, &local_error);
if (ret < 0) {
if (ret == -EFBIG) {
/* Replace the error message with a better one */
error_free(local_error);
error_setg(errp, "The requested file size is too large");
}
goto fail;
}
ret = 0;
fail:
bdrv_co_unref(bs);
return ret;
}
static QemuOptsList block_crypto_runtime_opts_luks = {
.name = "crypto",
@ -184,6 +231,7 @@ static QemuOptsList block_crypto_create_opts_luks = {
BLOCK_CRYPTO_OPT_DEF_LUKS_IVGEN_HASH_ALG(""),
BLOCK_CRYPTO_OPT_DEF_LUKS_HASH_ALG(""),
BLOCK_CRYPTO_OPT_DEF_LUKS_ITER_TIME(""),
BLOCK_CRYPTO_OPT_DEF_LUKS_DETACHED_HEADER(""),
{ /* end of list */ }
},
};
@ -262,6 +310,8 @@ static int block_crypto_open_generic(QCryptoBlockFormat format,
int flags,
Error **errp)
{
ERRP_GUARD();
BlockCrypto *crypto = bs->opaque;
QemuOpts *opts = NULL;
int ret;
@ -276,6 +326,13 @@ static int block_crypto_open_generic(QCryptoBlockFormat format,
return ret;
}
crypto->header = bdrv_open_child(NULL, options, "header", bs,
&child_of_bds, BDRV_CHILD_METADATA,
true, errp);
if (*errp != NULL) {
return -EINVAL;
}
GRAPH_RDLOCK_GUARD_MAINLOOP();
bs->supported_write_flags = BDRV_REQ_FUA &
@ -299,6 +356,9 @@ static int block_crypto_open_generic(QCryptoBlockFormat format,
if (flags & BDRV_O_NO_IO) {
cflags |= QCRYPTO_BLOCK_OPEN_NO_IO;
}
if (crypto->header != NULL) {
cflags |= QCRYPTO_BLOCK_OPEN_DETACHED;
}
crypto->block = qcrypto_block_open(open_opts, NULL,
block_crypto_read_func,
bs,
@ -324,7 +384,9 @@ static int block_crypto_open_generic(QCryptoBlockFormat format,
static int coroutine_fn GRAPH_UNLOCKED
block_crypto_co_create_generic(BlockDriverState *bs, int64_t size,
QCryptoBlockCreateOptions *opts,
PreallocMode prealloc, Error **errp)
PreallocMode prealloc,
unsigned int flags,
Error **errp)
{
int ret;
BlockBackend *blk;
@ -344,7 +406,7 @@ block_crypto_co_create_generic(BlockDriverState *bs, int64_t size,
data = (struct BlockCryptoCreateData) {
.blk = blk,
.size = size,
.size = flags & QCRYPTO_BLOCK_CREATE_DETACHED ? 0 : size,
.prealloc = prealloc,
};
@ -352,6 +414,7 @@ block_crypto_co_create_generic(BlockDriverState *bs, int64_t size,
block_crypto_create_init_func,
block_crypto_create_write_func,
&data,
flags,
errp);
if (!crypto) {
@ -638,17 +701,27 @@ static int coroutine_fn GRAPH_UNLOCKED
block_crypto_co_create_luks(BlockdevCreateOptions *create_options, Error **errp)
{
BlockdevCreateOptionsLUKS *luks_opts;
BlockDriverState *hdr_bs = NULL;
BlockDriverState *bs = NULL;
QCryptoBlockCreateOptions create_opts;
PreallocMode preallocation = PREALLOC_MODE_OFF;
unsigned int cflags = 0;
int ret;
assert(create_options->driver == BLOCKDEV_DRIVER_LUKS);
luks_opts = &create_options->u.luks;
bs = bdrv_co_open_blockdev_ref(luks_opts->file, errp);
if (bs == NULL) {
return -EIO;
if (luks_opts->header == NULL && luks_opts->file == NULL) {
error_setg(errp, "Either the parameter 'header' or 'file' must "
"be specified");
return -EINVAL;
}
if ((luks_opts->preallocation != PREALLOC_MODE_OFF) &&
(luks_opts->file == NULL)) {
error_setg(errp, "Parameter 'preallocation' requires 'file' to be "
"specified for formatting LUKS disk");
return -EINVAL;
}
create_opts = (QCryptoBlockCreateOptions) {
@ -660,15 +733,52 @@ block_crypto_co_create_luks(BlockdevCreateOptions *create_options, Error **errp)
preallocation = luks_opts->preallocation;
}
ret = block_crypto_co_create_generic(bs, luks_opts->size, &create_opts,
preallocation, errp);
if (ret < 0) {
goto fail;
if (luks_opts->header) {
/* LUKS volume with detached header */
hdr_bs = bdrv_co_open_blockdev_ref(luks_opts->header, errp);
if (hdr_bs == NULL) {
return -EIO;
}
cflags |= QCRYPTO_BLOCK_CREATE_DETACHED;
/* Format the LUKS header node */
ret = block_crypto_co_create_generic(hdr_bs, 0, &create_opts,
PREALLOC_MODE_OFF, cflags, errp);
if (ret < 0) {
goto fail;
}
/* Format the LUKS payload node */
if (luks_opts->file) {
ret = block_crypto_co_format_luks_payload(luks_opts, errp);
if (ret < 0) {
goto fail;
}
}
} else if (luks_opts->file) {
/* LUKS volume with none-detached header */
bs = bdrv_co_open_blockdev_ref(luks_opts->file, errp);
if (bs == NULL) {
return -EIO;
}
ret = block_crypto_co_create_generic(bs, luks_opts->size, &create_opts,
preallocation, cflags, errp);
if (ret < 0) {
goto fail;
}
}
ret = 0;
fail:
bdrv_co_unref(bs);
if (hdr_bs != NULL) {
bdrv_co_unref(hdr_bs);
}
if (bs != NULL) {
bdrv_co_unref(bs);
}
return ret;
}
@ -682,6 +792,9 @@ block_crypto_co_create_opts_luks(BlockDriver *drv, const char *filename,
PreallocMode prealloc;
char *buf = NULL;
int64_t size;
bool detached_hdr =
qemu_opt_get_bool(opts, "detached-header", false);
unsigned int cflags = 0;
int ret;
Error *local_err = NULL;
@ -721,8 +834,13 @@ block_crypto_co_create_opts_luks(BlockDriver *drv, const char *filename,
goto fail;
}
if (detached_hdr) {
cflags |= QCRYPTO_BLOCK_CREATE_DETACHED;
}
/* Create format layer */
ret = block_crypto_co_create_generic(bs, size, create_opts, prealloc, errp);
ret = block_crypto_co_create_generic(bs, size, create_opts,
prealloc, cflags, errp);
if (ret < 0) {
goto fail;
}

View File

@ -41,6 +41,7 @@
#define BLOCK_CRYPTO_OPT_LUKS_IVGEN_HASH_ALG "ivgen-hash-alg"
#define BLOCK_CRYPTO_OPT_LUKS_HASH_ALG "hash-alg"
#define BLOCK_CRYPTO_OPT_LUKS_ITER_TIME "iter-time"
#define BLOCK_CRYPTO_OPT_LUKS_DETACHED_HEADER "detached-header"
#define BLOCK_CRYPTO_OPT_LUKS_KEYSLOT "keyslot"
#define BLOCK_CRYPTO_OPT_LUKS_STATE "state"
#define BLOCK_CRYPTO_OPT_LUKS_OLD_SECRET "old-secret"
@ -100,6 +101,13 @@
.help = "Select new state of affected keyslots (active/inactive)",\
}
#define BLOCK_CRYPTO_OPT_DEF_LUKS_DETACHED_HEADER(prefix) \
{ \
.name = prefix BLOCK_CRYPTO_OPT_LUKS_DETACHED_HEADER, \
.type = QEMU_OPT_BOOL, \
.help = "Create a detached LUKS header", \
}
#define BLOCK_CRYPTO_OPT_DEF_LUKS_KEYSLOT(prefix) \
{ \
.name = prefix BLOCK_CRYPTO_OPT_LUKS_KEYSLOT, \

View File

@ -885,7 +885,7 @@ qcow_co_create(BlockdevCreateOptions *opts, Error **errp)
header.crypt_method = cpu_to_be32(QCOW_CRYPT_AES);
crypto = qcrypto_block_create(qcow_opts->encrypt, "encrypt.",
NULL, NULL, NULL, errp);
NULL, NULL, NULL, 0, errp);
if (!crypto) {
ret = -EINVAL;
goto exit;

View File

@ -3216,7 +3216,7 @@ qcow2_set_up_encryption(BlockDriverState *bs,
crypto = qcrypto_block_create(cryptoopts, "encrypt.",
qcow2_crypto_hdr_init_func,
qcow2_crypto_hdr_write_func,
bs, errp);
bs, 0, errp);
if (!crypto) {
return -EINVAL;
}

View File

@ -378,6 +378,10 @@ static void tcp_chr_free_connection(Chardev *chr)
char_socket_yank_iochannel,
QIO_CHANNEL(s->sioc));
}
if (s->ioc) {
qio_channel_close(s->ioc, NULL);
}
object_unref(OBJECT(s->sioc));
s->sioc = NULL;
object_unref(OBJECT(s->ioc));

View File

@ -95,12 +95,23 @@ qcrypto_block_luks_cipher_size_map_twofish[] = {
{ 0, 0 },
};
#ifdef CONFIG_CRYPTO_SM4
static const QCryptoBlockLUKSCipherSizeMap
qcrypto_block_luks_cipher_size_map_sm4[] = {
{ 16, QCRYPTO_CIPHER_ALG_SM4},
{ 0, 0 },
};
#endif
static const QCryptoBlockLUKSCipherNameMap
qcrypto_block_luks_cipher_name_map[] = {
{ "aes", qcrypto_block_luks_cipher_size_map_aes },
{ "cast5", qcrypto_block_luks_cipher_size_map_cast5 },
{ "serpent", qcrypto_block_luks_cipher_size_map_serpent },
{ "twofish", qcrypto_block_luks_cipher_size_map_twofish },
#ifdef CONFIG_CRYPTO_SM4
{ "sm4", qcrypto_block_luks_cipher_size_map_sm4},
#endif
};
QEMU_BUILD_BUG_ON(sizeof(struct QCryptoBlockLUKSKeySlot) != 48);
@ -457,12 +468,15 @@ qcrypto_block_luks_load_header(QCryptoBlock *block,
* Does basic sanity checks on the LUKS header
*/
static int
qcrypto_block_luks_check_header(const QCryptoBlockLUKS *luks, Error **errp)
qcrypto_block_luks_check_header(const QCryptoBlockLUKS *luks,
unsigned int flags,
Error **errp)
{
size_t i, j;
unsigned int header_sectors = QCRYPTO_BLOCK_LUKS_KEY_SLOT_OFFSET /
QCRYPTO_BLOCK_LUKS_SECTOR_SIZE;
bool detached = flags & QCRYPTO_BLOCK_OPEN_DETACHED;
if (memcmp(luks->header.magic, qcrypto_block_luks_magic,
QCRYPTO_BLOCK_LUKS_MAGIC_LEN) != 0) {
@ -494,7 +508,7 @@ qcrypto_block_luks_check_header(const QCryptoBlockLUKS *luks, Error **errp)
return -1;
}
if (luks->header.payload_offset_sector <
if (!detached && luks->header.payload_offset_sector <
DIV_ROUND_UP(QCRYPTO_BLOCK_LUKS_KEY_SLOT_OFFSET,
QCRYPTO_BLOCK_LUKS_SECTOR_SIZE)) {
error_setg(errp, "LUKS payload is overlapping with the header");
@ -543,7 +557,7 @@ qcrypto_block_luks_check_header(const QCryptoBlockLUKS *luks, Error **errp)
return -1;
}
if (start1 + len1 > luks->header.payload_offset_sector) {
if (!detached && start1 + len1 > luks->header.payload_offset_sector) {
error_setg(errp,
"Keyslot %zu is overlapping with the encrypted payload",
i);
@ -1203,7 +1217,7 @@ qcrypto_block_luks_open(QCryptoBlock *block,
goto fail;
}
if (qcrypto_block_luks_check_header(luks, errp) < 0) {
if (qcrypto_block_luks_check_header(luks, flags, errp) < 0) {
goto fail;
}
@ -1257,6 +1271,7 @@ qcrypto_block_luks_open(QCryptoBlock *block,
block->sector_size = QCRYPTO_BLOCK_LUKS_SECTOR_SIZE;
block->payload_offset = luks->header.payload_offset_sector *
block->sector_size;
block->detached_header = (block->payload_offset == 0) ? true : false;
return 0;
@ -1301,6 +1316,7 @@ qcrypto_block_luks_create(QCryptoBlock *block,
const char *hash_alg;
g_autofree char *cipher_mode_spec = NULL;
uint64_t iters;
uint64_t detached_header_size;
memcpy(&luks_opts, &options->u.luks, sizeof(luks_opts));
if (!luks_opts.has_iter_time) {
@ -1529,19 +1545,32 @@ qcrypto_block_luks_create(QCryptoBlock *block,
slot->stripes = QCRYPTO_BLOCK_LUKS_STRIPES;
}
/* The total size of the LUKS headers is the partition header + key
* slot headers, rounded up to the nearest sector, combined with
* the size of each master key material region, also rounded up
* to the nearest sector */
luks->header.payload_offset_sector = header_sectors +
QCRYPTO_BLOCK_LUKS_NUM_KEY_SLOTS * split_key_sectors;
if (block->detached_header) {
/*
* For a detached LUKS header image, set the payload_offset_sector
* to 0 to specify the starting point for read/write
*/
luks->header.payload_offset_sector = 0;
} else {
/*
* The total size of the LUKS headers is the partition header + key
* slot headers, rounded up to the nearest sector, combined with
* the size of each master key material region, also rounded up
* to the nearest sector
*/
luks->header.payload_offset_sector = header_sectors +
QCRYPTO_BLOCK_LUKS_NUM_KEY_SLOTS * split_key_sectors;
}
block->sector_size = QCRYPTO_BLOCK_LUKS_SECTOR_SIZE;
block->payload_offset = luks->header.payload_offset_sector *
block->sector_size;
detached_header_size =
(header_sectors + QCRYPTO_BLOCK_LUKS_NUM_KEY_SLOTS *
split_key_sectors) * block->sector_size;
/* Reserve header space to match payload offset */
initfunc(block, block->payload_offset, opaque, &local_err);
initfunc(block, detached_header_size, opaque, &local_err);
if (local_err) {
error_propagate(errp, local_err);
goto error;
@ -1867,6 +1896,7 @@ static int qcrypto_block_luks_get_info(QCryptoBlock *block,
info->u.luks.master_key_iters = luks->header.master_key_iterations;
info->u.luks.uuid = g_strndup((const char *)luks->header.uuid,
sizeof(luks->header.uuid));
info->u.luks.detached_header = block->detached_header;
for (i = 0; i < QCRYPTO_BLOCK_LUKS_NUM_KEY_SLOTS; i++) {
slot = g_new0(QCryptoBlockInfoLUKSSlot, 1);

View File

@ -87,6 +87,7 @@ QCryptoBlock *qcrypto_block_create(QCryptoBlockCreateOptions *options,
QCryptoBlockInitFunc initfunc,
QCryptoBlockWriteFunc writefunc,
void *opaque,
unsigned int flags,
Error **errp)
{
QCryptoBlock *block = g_new0(QCryptoBlock, 1);
@ -102,6 +103,7 @@ QCryptoBlock *qcrypto_block_create(QCryptoBlockCreateOptions *options,
}
block->driver = qcrypto_block_drivers[options->format];
block->detached_header = flags & QCRYPTO_BLOCK_CREATE_DETACHED;
if (block->driver->create(block, options, optprefix, initfunc,
writefunc, opaque, errp) < 0) {
@ -146,7 +148,7 @@ qcrypto_block_calculate_payload_offset(QCryptoBlockCreateOptions *create_opts,
qcrypto_block_create(create_opts, optprefix,
qcrypto_block_headerlen_hdr_init_func,
qcrypto_block_headerlen_hdr_write_func,
len, errp);
len, 0, errp);
return crypto != NULL;
}

View File

@ -42,6 +42,8 @@ struct QCryptoBlock {
size_t niv;
uint64_t payload_offset; /* In bytes */
uint64_t sector_size; /* In bytes */
bool detached_header; /* True if disk has a detached LUKS header */
};
struct QCryptoBlockDriver {

View File

@ -35,6 +35,9 @@ bool qcrypto_cipher_supports(QCryptoCipherAlgorithm alg,
case QCRYPTO_CIPHER_ALG_SERPENT_256:
case QCRYPTO_CIPHER_ALG_TWOFISH_128:
case QCRYPTO_CIPHER_ALG_TWOFISH_256:
#ifdef CONFIG_CRYPTO_SM4
case QCRYPTO_CIPHER_ALG_SM4:
#endif
break;
default:
return false;
@ -219,6 +222,11 @@ static QCryptoCipher *qcrypto_cipher_ctx_new(QCryptoCipherAlgorithm alg,
case QCRYPTO_CIPHER_ALG_TWOFISH_256:
gcryalg = GCRY_CIPHER_TWOFISH;
break;
#ifdef CONFIG_CRYPTO_SM4
case QCRYPTO_CIPHER_ALG_SM4:
gcryalg = GCRY_CIPHER_SM4;
break;
#endif
default:
error_setg(errp, "Unsupported cipher algorithm %s",
QCryptoCipherAlgorithm_str(alg));

View File

@ -33,6 +33,9 @@
#ifndef CONFIG_QEMU_PRIVATE_XTS
#include <nettle/xts.h>
#endif
#ifdef CONFIG_CRYPTO_SM4
#include <nettle/sm4.h>
#endif
static inline bool qcrypto_length_check(size_t len, size_t blocksize,
Error **errp)
@ -426,6 +429,30 @@ DEFINE_ECB_CBC_CTR_XTS(qcrypto_nettle_twofish,
QCryptoNettleTwofish, TWOFISH_BLOCK_SIZE,
twofish_encrypt_native, twofish_decrypt_native)
#ifdef CONFIG_CRYPTO_SM4
typedef struct QCryptoNettleSm4 {
QCryptoCipher base;
struct sm4_ctx key[2];
} QCryptoNettleSm4;
static void sm4_encrypt_native(void *ctx, size_t length,
uint8_t *dst, const uint8_t *src)
{
struct sm4_ctx *keys = ctx;
sm4_crypt(&keys[0], length, dst, src);
}
static void sm4_decrypt_native(void *ctx, size_t length,
uint8_t *dst, const uint8_t *src)
{
struct sm4_ctx *keys = ctx;
sm4_crypt(&keys[1], length, dst, src);
}
DEFINE_ECB(qcrypto_nettle_sm4,
QCryptoNettleSm4, SM4_BLOCK_SIZE,
sm4_encrypt_native, sm4_decrypt_native)
#endif
bool qcrypto_cipher_supports(QCryptoCipherAlgorithm alg,
QCryptoCipherMode mode)
@ -443,6 +470,9 @@ bool qcrypto_cipher_supports(QCryptoCipherAlgorithm alg,
case QCRYPTO_CIPHER_ALG_TWOFISH_128:
case QCRYPTO_CIPHER_ALG_TWOFISH_192:
case QCRYPTO_CIPHER_ALG_TWOFISH_256:
#ifdef CONFIG_CRYPTO_SM4
case QCRYPTO_CIPHER_ALG_SM4:
#endif
break;
default:
return false;
@ -701,6 +731,25 @@ static QCryptoCipher *qcrypto_cipher_ctx_new(QCryptoCipherAlgorithm alg,
return &ctx->base;
}
#ifdef CONFIG_CRYPTO_SM4
case QCRYPTO_CIPHER_ALG_SM4:
{
QCryptoNettleSm4 *ctx = g_new0(QCryptoNettleSm4, 1);
switch (mode) {
case QCRYPTO_CIPHER_MODE_ECB:
ctx->base.driver = &qcrypto_nettle_sm4_driver_ecb;
break;
default:
goto bad_cipher_mode;
}
sm4_set_encrypt_key(&ctx->key[0], key);
sm4_set_decrypt_key(&ctx->key[1], key);
return &ctx->base;
}
#endif
default:
error_setg(errp, "Unsupported cipher algorithm %s",

View File

@ -38,6 +38,9 @@ static const size_t alg_key_len[QCRYPTO_CIPHER_ALG__MAX] = {
[QCRYPTO_CIPHER_ALG_TWOFISH_128] = 16,
[QCRYPTO_CIPHER_ALG_TWOFISH_192] = 24,
[QCRYPTO_CIPHER_ALG_TWOFISH_256] = 32,
#ifdef CONFIG_CRYPTO_SM4
[QCRYPTO_CIPHER_ALG_SM4] = 16,
#endif
};
static const size_t alg_block_len[QCRYPTO_CIPHER_ALG__MAX] = {
@ -53,6 +56,9 @@ static const size_t alg_block_len[QCRYPTO_CIPHER_ALG__MAX] = {
[QCRYPTO_CIPHER_ALG_TWOFISH_128] = 16,
[QCRYPTO_CIPHER_ALG_TWOFISH_192] = 16,
[QCRYPTO_CIPHER_ALG_TWOFISH_256] = 16,
#ifdef CONFIG_CRYPTO_SM4
[QCRYPTO_CIPHER_ALG_SM4] = 16,
#endif
};
static const bool mode_need_iv[QCRYPTO_CIPHER_MODE__MAX] = {

View File

@ -8,27 +8,37 @@ Cascadelake-Server-v1,✅,✅,✅,✅
Cascadelake-Server-v2,✅,✅,✅,✅
Cascadelake-Server-v3,✅,✅,✅,✅
Cascadelake-Server-v4,✅,✅,✅,✅
Cascadelake-Server-v5,✅,✅,✅,✅
Conroe-v1,✅,,,
Cooperlake-v1,✅,✅,✅,✅
Cooperlake-v2,✅,✅,✅,✅
Denverton-v1,✅,✅,,
Denverton-v2,✅,✅,,
Denverton-v3,✅,✅,,
Dhyana-v1,✅,✅,✅,
Dhyana-v2,✅,✅,✅,
EPYC-Genoa-v1,✅,✅,✅,✅
EPYC-Milan-v1,✅,✅,✅,
EPYC-Milan-v2,✅,✅,✅,
EPYC-Rome-v1,✅,✅,✅,
EPYC-Rome-v2,✅,✅,✅,
EPYC-Rome-v3,✅,✅,✅,
EPYC-Rome-v4,✅,✅,✅,
EPYC-v1,✅,✅,✅,
EPYC-v2,✅,✅,✅,
EPYC-v3,✅,✅,✅,
EPYC-v4,✅,✅,✅,
GraniteRapids-v1,✅,✅,✅,✅
Haswell-v1,✅,✅,✅,
Haswell-v2,✅,✅,✅,
Haswell-v3,✅,✅,✅,
Haswell-v4,✅,✅,✅,
Icelake-Client-v1,✅,✅,✅,
Icelake-Client-v2,✅,✅,✅,
Icelake-Server-v1,✅,✅,✅,✅
Icelake-Server-v2,✅,✅,✅,✅
Icelake-Server-v3,✅,✅,✅,✅
Icelake-Server-v4,✅,✅,✅,✅
Icelake-Server-v5,✅,✅,✅,✅
Icelake-Server-v6,✅,✅,✅,✅
IvyBridge-v1,✅,✅,,
IvyBridge-v2,✅,✅,,
KnightsMill-v1,✅,✅,✅,
@ -42,15 +52,21 @@ Opteron_G5-v1,✅,✅,,
Penryn-v1,✅,,,
SandyBridge-v1,✅,✅,,
SandyBridge-v2,✅,✅,,
SapphireRapids-v1,✅,✅,✅,✅
SapphireRapids-v2,✅,✅,✅,✅
Skylake-Client-v1,✅,✅,✅,
Skylake-Client-v2,✅,✅,✅,
Skylake-Client-v3,✅,✅,✅,
Skylake-Client-v4,✅,✅,✅,
Skylake-Server-v1,✅,✅,✅,✅
Skylake-Server-v2,✅,✅,✅,✅
Skylake-Server-v3,✅,✅,✅,✅
Skylake-Server-v4,✅,✅,✅,✅
Skylake-Server-v5,✅,✅,✅,✅
Snowridge-v1,✅,✅,,
Snowridge-v2,✅,✅,,
Snowridge-v3,✅,✅,,
Snowridge-v4,✅,✅,,
Westmere-v1,✅,✅,,
Westmere-v2,✅,✅,,
athlon-v1,,,,

1 Model baseline v2 v3 v4
8 Cascadelake-Server-v2
9 Cascadelake-Server-v3
10 Cascadelake-Server-v4
11 Cascadelake-Server-v5
12 Conroe-v1
13 Cooperlake-v1
14 Cooperlake-v2
15 Denverton-v1
16 Denverton-v2
17 Denverton-v3
18 Dhyana-v1
19 Dhyana-v2
20 EPYC-Genoa-v1
21 EPYC-Milan-v1
22 EPYC-Milan-v2
23 EPYC-Rome-v1
24 EPYC-Rome-v2
25 EPYC-Rome-v3
26 EPYC-Rome-v4
27 EPYC-v1
28 EPYC-v2
29 EPYC-v3
30 EPYC-v4
31 GraniteRapids-v1
32 Haswell-v1
33 Haswell-v2
34 Haswell-v3
35 Haswell-v4
Icelake-Client-v1
Icelake-Client-v2
36 Icelake-Server-v1
37 Icelake-Server-v2
38 Icelake-Server-v3
39 Icelake-Server-v4
40 Icelake-Server-v5
41 Icelake-Server-v6
42 IvyBridge-v1
43 IvyBridge-v2
44 KnightsMill-v1
52 Penryn-v1
53 SandyBridge-v1
54 SandyBridge-v2
55 SapphireRapids-v1
56 SapphireRapids-v2
57 Skylake-Client-v1
58 Skylake-Client-v2
59 Skylake-Client-v3
60 Skylake-Client-v4
61 Skylake-Server-v1
62 Skylake-Server-v2
63 Skylake-Server-v3
64 Skylake-Server-v4
65 Skylake-Server-v5
66 Snowridge-v1
67 Snowridge-v2
68 Snowridge-v3
69 Snowridge-v4
70 Westmere-v1
71 Westmere-v2
72 athlon-v1

View File

@ -58,7 +58,7 @@ depending on the machine type is in use.
.. csv-table:: x86-64 ABI compatibility levels
:file: cpu-models-x86-abi.csv
:widths: 40,15,15,15,15
:header-rows: 2
:header-rows: 1
Preferred CPU models for Intel x86 hosts

View File

@ -66,6 +66,7 @@ bool qcrypto_block_has_format(QCryptoBlockFormat format,
typedef enum {
QCRYPTO_BLOCK_OPEN_NO_IO = (1 << 0),
QCRYPTO_BLOCK_OPEN_DETACHED = (1 << 1),
} QCryptoBlockOpenFlags;
/**
@ -95,6 +96,10 @@ typedef enum {
* metadata such as the payload offset. There will be
* no cipher or ivgen objects available.
*
* If @flags contains QCRYPTO_BLOCK_OPEN_DETACHED then
* the open process will be optimized to skip the LUKS
* payload overlap check.
*
* If any part of initializing the encryption context
* fails an error will be returned. This could be due
* to the volume being in the wrong format, a cipher
@ -111,6 +116,10 @@ QCryptoBlock *qcrypto_block_open(QCryptoBlockOpenOptions *options,
size_t n_threads,
Error **errp);
typedef enum {
QCRYPTO_BLOCK_CREATE_DETACHED = (1 << 0),
} QCryptoBlockCreateFlags;
/**
* qcrypto_block_create:
* @options: the encryption options
@ -118,6 +127,7 @@ QCryptoBlock *qcrypto_block_open(QCryptoBlockOpenOptions *options,
* @initfunc: callback for initializing volume header
* @writefunc: callback for writing data to the volume header
* @opaque: data to pass to @initfunc and @writefunc
* @flags: bitmask of QCryptoBlockCreateFlags values
* @errp: pointer to a NULL-initialized error object
*
* Create a new block encryption object for initializing
@ -129,6 +139,11 @@ QCryptoBlock *qcrypto_block_open(QCryptoBlockOpenOptions *options,
* generating new master keys, etc as required. Any existing
* data present on the volume will be irrevocably destroyed.
*
* If @flags contains QCRYPTO_BLOCK_CREATE_DETACHED then
* the open process will set the payload_offset_sector to 0
* to specify the starting point for the read/write of a
* detached LUKS header image.
*
* If any part of initializing the encryption context
* fails an error will be returned. This could be due
* to the volume being in the wrong format, a cipher
@ -142,6 +157,7 @@ QCryptoBlock *qcrypto_block_create(QCryptoBlockCreateOptions *options,
QCryptoBlockInitFunc initfunc,
QCryptoBlockWriteFunc writefunc,
void *opaque,
unsigned int flags,
Error **errp);
/**

View File

@ -51,6 +51,7 @@ bool is_daemonized(void);
void os_daemonize(void);
bool os_set_runas(const char *user_id);
void os_set_chroot(const char *path);
void os_setup_limits(void);
void os_setup_post(void);
int os_mlock(void);

View File

@ -128,6 +128,11 @@ static inline int os_mlock(void)
return -ENOSYS;
}
static inline void os_setup_limits(void)
{
return;
}
#define fsync _commit
#if !defined(lseek)

View File

@ -381,6 +381,7 @@ static int qio_channel_tls_close(QIOChannel *ioc,
QIOChannelTLS *tioc = QIO_CHANNEL_TLS(ioc);
if (tioc->hs_ioc_tag) {
trace_qio_channel_tls_handshake_cancel(ioc);
g_clear_handle_id(&tioc->hs_ioc_tag, g_source_remove);
}

View File

@ -43,6 +43,7 @@ qio_channel_tls_handshake_start(void *ioc) "TLS handshake start ioc=%p"
qio_channel_tls_handshake_pending(void *ioc, int status) "TLS handshake pending ioc=%p status=%d"
qio_channel_tls_handshake_fail(void *ioc) "TLS handshake fail ioc=%p"
qio_channel_tls_handshake_complete(void *ioc) "TLS handshake complete ioc=%p"
qio_channel_tls_handshake_cancel(void *ioc) "TLS handshake cancel ioc=%p"
qio_channel_tls_credentials_allow(void *ioc) "TLS credentials allow ioc=%p"
qio_channel_tls_credentials_deny(void *ioc) "TLS credentials deny ioc=%p"

View File

@ -571,36 +571,38 @@ qemu_common_flags += cc.get_supported_arguments(hardening_flags)
add_global_arguments(qemu_common_flags, native: false, language: all_languages)
add_global_link_arguments(qemu_ldflags, native: false, language: all_languages)
# Collect warnings that we want to enable
# Collect warning flags we want to set, sorted alphabetically
warn_flags = [
'-Wundef',
'-Wwrite-strings',
'-Wmissing-prototypes',
'-Wstrict-prototypes',
'-Wredundant-decls',
'-Wold-style-declaration',
'-Wold-style-definition',
'-Wtype-limits',
'-Wformat-security',
'-Wformat-y2k',
'-Winit-self',
'-Wignored-qualifiers',
# First enable interesting warnings
'-Wempty-body',
'-Wnested-externs',
'-Wendif-labels',
'-Wexpansion-to-defined',
'-Wformat-security',
'-Wformat-y2k',
'-Wignored-qualifiers',
'-Wimplicit-fallthrough=2',
'-Winit-self',
'-Wmissing-format-attribute',
'-Wmissing-prototypes',
'-Wnested-externs',
'-Wold-style-declaration',
'-Wold-style-definition',
'-Wredundant-decls',
'-Wshadow=local',
'-Wstrict-prototypes',
'-Wtype-limits',
'-Wundef',
'-Wwrite-strings',
# Then disable some undesirable warnings
'-Wno-gnu-variable-sized-type-not-at-end',
'-Wno-initializer-overrides',
'-Wno-missing-include-dirs',
'-Wno-psabi',
'-Wno-shift-negative-value',
'-Wno-string-plus-int',
'-Wno-typedef-redefinition',
'-Wno-tautological-type-limit-compare',
'-Wno-psabi',
'-Wno-gnu-variable-sized-type-not-at-end',
'-Wshadow=local',
'-Wno-typedef-redefinition',
]
if host_os != 'darwin'
@ -1631,6 +1633,7 @@ endif
gcrypt = not_found
nettle = not_found
hogweed = not_found
crypto_sm4 = not_found
xts = 'none'
if get_option('nettle').enabled() and get_option('gcrypt').enabled()
@ -1656,6 +1659,17 @@ if not gnutls_crypto.found()
cc.find_library('gpg-error', required: true)],
version: gcrypt.version())
endif
crypto_sm4 = gcrypt
# SM4 ALG is available in libgcrypt >= 1.9
if gcrypt.found() and not cc.links('''
#include <gcrypt.h>
int main(void) {
gcry_cipher_hd_t handler;
gcry_cipher_open(&handler, GCRY_CIPHER_SM4, GCRY_CIPHER_MODE_ECB, 0);
return 0;
}''', dependencies: gcrypt)
crypto_sm4 = not_found
endif
endif
if (not get_option('nettle').auto() or have_system) and not gcrypt.found()
nettle = dependency('nettle', version: '>=3.4',
@ -1664,6 +1678,18 @@ if not gnutls_crypto.found()
if nettle.found() and not cc.has_header('nettle/xts.h', dependencies: nettle)
xts = 'private'
endif
crypto_sm4 = nettle
# SM4 ALG is available in nettle >= 3.9
if nettle.found() and not cc.links('''
#include <nettle/sm4.h>
int main(void) {
struct sm4_ctx ctx;
unsigned char key[16] = {0};
sm4_set_encrypt_key(&ctx, key);
return 0;
}''', dependencies: nettle)
crypto_sm4 = not_found
endif
endif
endif
@ -2265,6 +2291,7 @@ config_host_data.set('CONFIG_GNUTLS_CRYPTO', gnutls_crypto.found())
config_host_data.set('CONFIG_TASN1', tasn1.found())
config_host_data.set('CONFIG_GCRYPT', gcrypt.found())
config_host_data.set('CONFIG_NETTLE', nettle.found())
config_host_data.set('CONFIG_CRYPTO_SM4', crypto_sm4.found())
config_host_data.set('CONFIG_HOGWEED', hogweed.found())
config_host_data.set('CONFIG_QEMU_PRIVATE_XTS', xts == 'private')
config_host_data.set('CONFIG_MALLOC_TRIM', has_malloc_trim)
@ -4304,6 +4331,7 @@ summary_info += {'nettle': nettle}
if nettle.found()
summary_info += {' XTS': xts != 'private'}
endif
summary_info += {'SM4 ALG support': crypto_sm4}
summary_info += {'AF_ALG support': have_afalg}
summary_info += {'rng-none': get_option('rng_none')}
summary_info += {'Linux keyring': have_keyring}

View File

@ -24,6 +24,7 @@
*/
#include "qemu/osdep.h"
#include <sys/resource.h>
#include <sys/wait.h>
#include <pwd.h>
#include <grp.h>
@ -256,6 +257,27 @@ void os_daemonize(void)
}
}
void os_setup_limits(void)
{
struct rlimit nofile;
if (getrlimit(RLIMIT_NOFILE, &nofile) < 0) {
warn_report("unable to query NOFILE limit: %s", strerror(errno));
return;
}
if (nofile.rlim_cur == nofile.rlim_max) {
return;
}
nofile.rlim_cur = nofile.rlim_max;
if (setrlimit(RLIMIT_NOFILE, &nofile) < 0) {
warn_report("unable to set NOFILE limit: %s", strerror(errno));
return;
}
}
void os_setup_post(void)
{
int fd = 0;

View File

@ -3365,11 +3365,14 @@
# decryption key (since 2.6). Mandatory except when doing a
# metadata-only probe of the image.
#
# @header: block device holding a detached LUKS header. (since 9.0)
#
# Since: 2.9
##
{ 'struct': 'BlockdevOptionsLUKS',
'base': 'BlockdevOptionsGenericFormat',
'data': { '*key-secret': 'str' } }
'data': { '*key-secret': 'str',
'*header': 'BlockdevRef'} }
##
# @BlockdevOptionsGenericCOWFormat:
@ -4952,7 +4955,10 @@
#
# Driver specific image creation options for LUKS.
#
# @file: Node to create the image format on
# @file: Node to create the image format on, mandatory except when
# 'preallocation' is not requested
#
# @header: Block device holding a detached LUKS header. (since 9.0)
#
# @size: Size of the virtual disk in bytes
#
@ -4963,7 +4969,8 @@
##
{ 'struct': 'BlockdevCreateOptionsLUKS',
'base': 'QCryptoBlockCreateOptionsLUKS',
'data': { 'file': 'BlockdevRef',
'data': { '*file': 'BlockdevRef',
'*header': 'BlockdevRef',
'size': 'size',
'*preallocation': 'PreallocMode' } }

View File

@ -94,6 +94,8 @@
#
# @twofish-256: Twofish with 256 bit / 32 byte keys
#
# @sm4: SM4 with 128 bit / 16 byte keys (since 9.0)
#
# Since: 2.6
##
{ 'enum': 'QCryptoCipherAlgorithm',
@ -102,7 +104,8 @@
'des', '3des',
'cast5-128',
'serpent-128', 'serpent-192', 'serpent-256',
'twofish-128', 'twofish-192', 'twofish-256']}
'twofish-128', 'twofish-192', 'twofish-256',
'sm4']}
##
# @QCryptoCipherMode:
@ -223,6 +226,8 @@
# @iter-time: number of milliseconds to spend in PBKDF passphrase
# processing. Currently defaults to 2000. (since 2.8)
#
# @detached-header: create a detached LUKS header. (since 9.0)
#
# Since: 2.6
##
{ 'struct': 'QCryptoBlockCreateOptionsLUKS',
@ -232,7 +237,8 @@
'*ivgen-alg': 'QCryptoIVGenAlgorithm',
'*ivgen-hash-alg': 'QCryptoHashAlgorithm',
'*hash-alg': 'QCryptoHashAlgorithm',
'*iter-time': 'int'}}
'*iter-time': 'int',
'*detached-header': 'bool'}}
##
# @QCryptoBlockOpenOptions:
@ -311,6 +317,8 @@
#
# @hash-alg: the master key hash algorithm
#
# @detached-header: whether the LUKS header is detached (Since 9.0)
#
# @payload-offset: offset to the payload data in bytes
#
# @master-key-iters: number of PBKDF2 iterations for key material
@ -327,6 +335,7 @@
'ivgen-alg': 'QCryptoIVGenAlgorithm',
'*ivgen-hash-alg': 'QCryptoHashAlgorithm',
'hash-alg': 'QCryptoHashAlgorithm',
'detached-header': 'bool',
'payload-offset': 'int',
'master-key-iters': 'int',
'uuid': 'str',

View File

@ -179,7 +179,6 @@ for level in range(len(abi_models)):
models[name]["delta"][level] = delta
def print_uarch_abi_csv():
print("# Automatically generated from '%s'" % __file__)
print("Model,baseline,v2,v3,v4")
for name in models.keys():
print(name, end="")

View File

@ -1914,7 +1914,6 @@ static bool object_create_early(const char *type)
* Allocation of large amounts of memory may delay
* chardev initialization for too long, and trigger timeouts
* on software that waits for a monitor socket to be created
* (e.g. libvirt).
*/
if (g_str_has_prefix(type, "memory-backend-")) {
return false;
@ -2778,6 +2777,8 @@ void qemu_init(int argc, char **argv)
error_init(argv[0]);
qemu_init_exec_dir(argv[0]);
os_setup_limits();
qemu_init_arch_modules();
qemu_init_subsystems();

View File

@ -18,6 +18,7 @@ virtual size: 128 MiB (134217728 bytes)
encrypted: yes
Format specific information:
ivgen alg: plain64
detached header: false
hash alg: sha256
cipher alg: aes-256
uuid: XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX
@ -70,6 +71,7 @@ virtual size: 64 MiB (67108864 bytes)
encrypted: yes
Format specific information:
ivgen alg: plain64
detached header: false
hash alg: sha1
cipher alg: aes-128
uuid: XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX
@ -125,6 +127,7 @@ virtual size: 0 B (0 bytes)
encrypted: yes
Format specific information:
ivgen alg: plain64
detached header: false