qemu: domain: Forbid storage with old QCOW2 encryption

The encryption was buggy and qemu actually dropped it upstream. Forbid
it for all versions since it would cause other problems too.

Problems with the old encryption include weak crypto, corruption of
images with blockjobs and a lot of usability problems.

This requires changing of the encryption type for the encrypted disk
tests.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>

docs/formatdomain.html.in

@@ -2974,6 +2974,10 @@
             See the
             <a href="formatstorageencryption.html">Storage Encryption</a>
             page for more information.
+            <p/>
+            Note that the 'qcow' format of encryption is broken and thus is no
+            longer supported for use with disk images.
+            (<span class="since">Since libvirt 4.5.0</span>)
           </dd>
           <dt><code>reservations</code></dt>
           <dd><span class="since">Since libvirt 4.4.0</span>, the

docs/formatstorageencryption.html.in

@@ -53,9 +53,8 @@
       The <code>qcow</code> format specifies that the built-in encryption
       support in <code>qcow</code>- or <code>qcow2</code>-formatted volume
       images should be used.  A single
-      <code>&lt;secret type='passphrase'&gt;</code> element is expected.  If
+      <code>&lt;secret type='passphrase'&gt;</code> element is expected.  Note
-      the <code>secret</code> element is not present during volume creation,
+      that this encryption is inherently broken and should not be used any more.
-      a secret is automatically generated and attached to the volume.
     </p>
     <h3><a id="StorageEncryptionLuks">"luks" format</a></h3>
     <p>

src/qemu/qemu_domain.c

@@ -4483,6 +4483,16 @@ qemuDomainValidateStorageSource(virStorageSourcePtr src,
         return -1;
     }
 
+    if ((src->format == VIR_STORAGE_FILE_QCOW ||
+         src->format == VIR_STORAGE_FILE_QCOW2) &&
+        src->encryption &&
+        (src->encryption->format == VIR_STORAGE_ENCRYPTION_FORMAT_DEFAULT ||
+         src->encryption->format == VIR_STORAGE_ENCRYPTION_FORMAT_QCOW)) {
+            virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
+                           _("old qcow/qcow2 encryption is not supported"));
+            return -1;
+    }
+
     if (src->format == VIR_STORAGE_FILE_QCOW2 &&
         src->encryption &&
         src->encryption->format == VIR_STORAGE_ENCRYPTION_FORMAT_LUKS &&

tests/qemuxml2argvdata/encrypted-disk-usage.args

@@ -7,6 +7,8 @@ QEMU_AUDIO_DRV=none \
 /usr/bin/qemu-system-i686 \
 -name encryptdisk \
 -S \
+-object secret,id=masterKey0,format=raw,\
+file=/tmp/lib/domain--1-encryptdisk/master-key.aes \
 -machine pc,accel=tcg,usb=off,dump-guest-core=off \
 -m 1024 \
 -smp 1,sockets=1,cores=1,threads=1 \
@@ -22,7 +24,11 @@ path=/tmp/lib/domain--1-encryptdisk/monitor.sock,server,nowait \
 -no-acpi \
 -boot c \
 -usb \
--drive file=/storage/guest_disks/encryptdisk,format=qcow2,if=none,\
+-object secret,id=virtio-disk0-luks-secret0,\
+data=9eao5F8qtkGt+seB1HYivWIxbtwUu6MQtg1zpj/oDtUsPr1q8wBYM91uEHCn6j/1,\
+keyid=masterKey0,iv=AAECAwQFBgcICQoLDA0ODw==,format=base64 \
+-drive file=/storage/guest_disks/encryptdisk,encrypt.format=luks,\
+encrypt.key-secret=virtio-disk0-luks-secret0,format=qcow2,if=none,\
 id=drive-virtio-disk0 \
 -device virtio-blk-pci,bus=pci.0,addr=0x4,drive=drive-virtio-disk0,\
 id=virtio-disk0 \

tests/qemuxml2argvdata/encrypted-disk-usage.xml

@@ -18,7 +18,7 @@
       <driver name='qemu' type='qcow2'/>
       <source file='/storage/guest_disks/encryptdisk'/>
       <target dev='vda' bus='virtio'/>
-      <encryption format='qcow'>
+      <encryption format='luks'>
         <secret type='passphrase' usage='/storage/guest_disks/encryptdisk'/>
       </encryption>
       <address type='pci' domain='0x0000' bus='0x00' slot='0x04' function='0x0'/>

tests/qemuxml2argvdata/encrypted-disk.args

@@ -7,6 +7,8 @@ QEMU_AUDIO_DRV=none \
 /usr/bin/qemu-system-i686 \
 -name encryptdisk \
 -S \
+-object secret,id=masterKey0,format=raw,\
+file=/tmp/lib/domain--1-encryptdisk/master-key.aes \
 -machine pc,accel=tcg,usb=off,dump-guest-core=off \
 -m 1024 \
 -smp 1,sockets=1,cores=1,threads=1 \
@@ -22,7 +24,11 @@ path=/tmp/lib/domain--1-encryptdisk/monitor.sock,server,nowait \
 -no-acpi \
 -boot c \
 -usb \
--drive file=/storage/guest_disks/encryptdisk,format=qcow2,if=none,\
+-object secret,id=virtio-disk0-luks-secret0,\
+data=9eao5F8qtkGt+seB1HYivWIxbtwUu6MQtg1zpj/oDtUsPr1q8wBYM91uEHCn6j/1,\
+keyid=masterKey0,iv=AAECAwQFBgcICQoLDA0ODw==,format=base64 \
+-drive file=/storage/guest_disks/encryptdisk,encrypt.format=luks,\
+encrypt.key-secret=virtio-disk0-luks-secret0,format=qcow2,if=none,\
 id=drive-virtio-disk0 \
 -device virtio-blk-pci,bus=pci.0,addr=0x4,drive=drive-virtio-disk0,\
 id=virtio-disk0 \

tests/qemuxml2argvdata/encrypted-disk.xml

@@ -18,7 +18,7 @@
       <driver name='qemu' type='qcow2'/>
       <source file='/storage/guest_disks/encryptdisk'/>
       <target dev='vda' bus='virtio'/>
-      <encryption format='qcow'>
+      <encryption format='luks'>
         <secret type='passphrase' uuid='0a81f5b2-8403-7b23-c8d6-21ccc2f80d6f'/>
       </encryption>
       <address type='pci' domain='0x0000' bus='0x00' slot='0x04' function='0x0'/>

tests/qemuxml2argvtest.c

@@ -1651,8 +1651,8 @@ mymain(void)
     DO_TEST("cpu-tsc-frequency", QEMU_CAPS_KVM);
     qemuTestSetHostCPU(driver.caps, NULL);
 
-    DO_TEST("encrypted-disk", NONE);
+    DO_TEST("encrypted-disk", QEMU_CAPS_QCOW2_LUKS, QEMU_CAPS_OBJECT_SECRET);
-    DO_TEST("encrypted-disk-usage", NONE);
+    DO_TEST("encrypted-disk-usage", QEMU_CAPS_QCOW2_LUKS, QEMU_CAPS_OBJECT_SECRET);
 # ifdef WITH_GNUTLS
     DO_TEST("luks-disks", QEMU_CAPS_OBJECT_SECRET);
     DO_TEST("luks-disks-source", QEMU_CAPS_OBJECT_SECRET);

tests/qemuxml2xmloutdata/encrypted-disk.xml

@@ -18,7 +18,7 @@
       <driver name='qemu' type='qcow2'/>
       <source file='/storage/guest_disks/encryptdisk'/>
       <target dev='vda' bus='virtio'/>
-      <encryption format='qcow'>
+      <encryption format='luks'>
         <secret type='passphrase' uuid='0a81f5b2-8403-7b23-c8d6-21ccc2f80d6f'/>
       </encryption>
       <address type='pci' domain='0x0000' bus='0x00' slot='0x04' function='0x0'/>

tests/qemuxml2xmltest.c

@@ -482,8 +482,8 @@ mymain(void)
     DO_TEST("pci-rom-disabled-invalid", NONE);
     DO_TEST("pci-serial-dev-chardev", NONE);
 
-    DO_TEST("encrypted-disk", NONE);
+    DO_TEST("encrypted-disk", QEMU_CAPS_QCOW2_LUKS);
-    DO_TEST("encrypted-disk-usage", NONE);
+    DO_TEST("encrypted-disk-usage", QEMU_CAPS_QCOW2_LUKS);
     DO_TEST("luks-disks", NONE);
     DO_TEST("luks-disks-source", NONE);
     DO_TEST("memtune", NONE);