block/qcow2: extend qemu-img amend interface with crypto options

    return ret;

}

static QDict*

qcow2_extract_crypto_opts(QemuOpts *opts, const char *fmt, Error **errp)

{

    QDict *cryptoopts_qdict;

    QDict *opts_qdict;

    /* Extract "encrypt." options into a qdict */

    opts_qdict = qemu_opts_to_qdict(opts, NULL);

    qdict_extract_subqdict(opts_qdict, &cryptoopts_qdict, "encrypt.");

    qobject_unref(opts_qdict);

    qdict_put_str(cryptoopts_qdict, "format", fmt);

    return cryptoopts_qdict;

}

/*

 * read qcow2 extension and fill bs

    if (has_luks) {

        g_autoptr(QCryptoBlockCreateOptions) create_opts = NULL;

        QDict *opts_qdict;

        QDict *cryptoopts;

        QDict *cryptoopts = qcow2_extract_crypto_opts(opts, "luks", errp);

        size_t headerlen;

        opts_qdict = qemu_opts_to_qdict(opts, NULL);

        qdict_extract_subqdict(opts_qdict, &cryptoopts, "encrypt.");

        qobject_unref(opts_qdict);

        qdict_put_str(cryptoopts, "format", "luks");

        create_opts = block_crypto_create_opts_init(cryptoopts, errp);

        qobject_unref(cryptoopts);

        if (!create_opts) {

    QCOW2_NO_OPERATION = 0,

    QCOW2_UPGRADING,

    QCOW2_UPDATING_ENCRYPTION,

    QCOW2_CHANGING_REFCOUNT_ORDER,

    QCOW2_DOWNGRADING,

} Qcow2AmendOperation;

    int ret;

    QemuOptDesc *desc = opts->list->desc;

    Qcow2AmendHelperCBInfo helper_cb_info;

    bool encryption_update = false;

    while (desc && desc->name) {

        if (!qemu_opt_find(opts, desc->name)) {

            backing_file = qemu_opt_get(opts, BLOCK_OPT_BACKING_FILE);

        } else if (!strcmp(desc->name, BLOCK_OPT_BACKING_FMT)) {

            backing_format = qemu_opt_get(opts, BLOCK_OPT_BACKING_FMT);

        } else if (g_str_has_prefix(desc->name, "encrypt.")) {

            if (!s->crypto) {

                error_setg(errp,

                           "Can't amend encryption options - encryption not present");

                return -EINVAL;

            }

            if (s->crypt_method_header != QCOW_CRYPT_LUKS) {

                error_setg(errp,

                           "Only LUKS encryption options can be amended");

                return -ENOTSUP;

            }

            encryption_update = true;

        } else if (!strcmp(desc->name, BLOCK_OPT_LAZY_REFCOUNTS)) {

            lazy_refcounts = qemu_opt_get_bool(opts, BLOCK_OPT_LAZY_REFCOUNTS,

                                               lazy_refcounts);

        .original_status_cb = status_cb,

        .original_cb_opaque = cb_opaque,

        .total_operations = (new_version != old_version)

                          + (s->refcount_bits != refcount_bits)

                          + (s->refcount_bits != refcount_bits) +

                            (encryption_update == true)

    };

    /* Upgrade first (some features may require compat=1.1) */

        }

    }

    if (encryption_update) {

        QDict *amend_opts_dict;

        QCryptoBlockAmendOptions *amend_opts;

        helper_cb_info.current_operation = QCOW2_UPDATING_ENCRYPTION;

        amend_opts_dict = qcow2_extract_crypto_opts(opts, "luks", errp);

        if (!amend_opts_dict) {

            return -EINVAL;

        }

        amend_opts = block_crypto_amend_opts_init(amend_opts_dict, errp);

        qobject_unref(amend_opts_dict);

        if (!amend_opts) {

            return -EINVAL;

        }

        ret = qcrypto_block_amend_options(s->crypto,

                                          qcow2_crypto_hdr_read_func,

                                          qcow2_crypto_hdr_write_func,

                                          bs,

                                          amend_opts,

                                          force,

                                          errp);

        qapi_free_QCryptoBlockAmendOptions(amend_opts);

        if (ret < 0) {

            return ret;

        }

    }

    if (s->refcount_bits != refcount_bits) {

        int refcount_order = ctz32(refcount_bits);

    .name = "qcow2-amend-opts",

    .head = QTAILQ_HEAD_INITIALIZER(qcow2_amend_opts.head),

    .desc = {

        BLOCK_CRYPTO_OPT_DEF_LUKS_STATE("encrypt."),

        BLOCK_CRYPTO_OPT_DEF_LUKS_KEYSLOT("encrypt."),

        BLOCK_CRYPTO_OPT_DEF_LUKS_OLD_SECRET("encrypt."),

        BLOCK_CRYPTO_OPT_DEF_LUKS_NEW_SECRET("encrypt."),

        BLOCK_CRYPTO_OPT_DEF_LUKS_ITER_TIME("encrypt."),

        QCOW_COMMON_OPTIONS,

        { /* end of list */ }

    }

  compat=<str>           - Compatibility level (v2 [0.10] or v3 [1.1])

  data_file=<str>        - File name of an external data file

  data_file_raw=<bool (on/off)> - The external data file must stay valid as a raw image

  encrypt.iter-time=<num> - Time to spend in PBKDF in milliseconds

  encrypt.keyslot=<num>  - Select a single keyslot to modify explicitly

  encrypt.new-secret=<str> - New secret to set in the matching keyslots. Empty string to erase

  encrypt.old-secret=<str> - Select all keyslots that match this password

  encrypt.state=<str>    - Select new state of affected keyslots (active/inactive)

  lazy_refcounts=<bool (on/off)> - Postpone refcount updates

  refcount_bits=<num>    - Width of a reference count entry in bits

  size=<size>            - Virtual disk size

  compat=<str>           - Compatibility level (v2 [0.10] or v3 [1.1])

  data_file=<str>        - File name of an external data file

  data_file_raw=<bool (on/off)> - The external data file must stay valid as a raw image

  encrypt.iter-time=<num> - Time to spend in PBKDF in milliseconds

  encrypt.keyslot=<num>  - Select a single keyslot to modify explicitly

  encrypt.new-secret=<str> - New secret to set in the matching keyslots. Empty string to erase

  encrypt.old-secret=<str> - Select all keyslots that match this password

  encrypt.state=<str>    - Select new state of affected keyslots (active/inactive)

  lazy_refcounts=<bool (on/off)> - Postpone refcount updates

  refcount_bits=<num>    - Width of a reference count entry in bits

  size=<size>            - Virtual disk size

  compat=<str>           - Compatibility level (v2 [0.10] or v3 [1.1])

  data_file=<str>        - File name of an external data file

  data_file_raw=<bool (on/off)> - The external data file must stay valid as a raw image

  encrypt.iter-time=<num> - Time to spend in PBKDF in milliseconds

  encrypt.keyslot=<num>  - Select a single keyslot to modify explicitly

  encrypt.new-secret=<str> - New secret to set in the matching keyslots. Empty string to erase

  encrypt.old-secret=<str> - Select all keyslots that match this password

  encrypt.state=<str>    - Select new state of affected keyslots (active/inactive)

  lazy_refcounts=<bool (on/off)> - Postpone refcount updates

  refcount_bits=<num>    - Width of a reference count entry in bits

  size=<size>            - Virtual disk size

  compat=<str>           - Compatibility level (v2 [0.10] or v3 [1.1])

  data_file=<str>        - File name of an external data file

  data_file_raw=<bool (on/off)> - The external data file must stay valid as a raw image

  encrypt.iter-time=<num> - Time to spend in PBKDF in milliseconds

  encrypt.keyslot=<num>  - Select a single keyslot to modify explicitly

  encrypt.new-secret=<str> - New secret to set in the matching keyslots. Empty string to erase

  encrypt.old-secret=<str> - Select all keyslots that match this password

  encrypt.state=<str>    - Select new state of affected keyslots (active/inactive)

  lazy_refcounts=<bool (on/off)> - Postpone refcount updates

  refcount_bits=<num>    - Width of a reference count entry in bits

  size=<size>            - Virtual disk size

  compat=<str>           - Compatibility level (v2 [0.10] or v3 [1.1])

  data_file=<str>        - File name of an external data file

  data_file_raw=<bool (on/off)> - The external data file must stay valid as a raw image

  encrypt.iter-time=<num> - Time to spend in PBKDF in milliseconds

  encrypt.keyslot=<num>  - Select a single keyslot to modify explicitly

  encrypt.new-secret=<str> - New secret to set in the matching keyslots. Empty string to erase

  encrypt.old-secret=<str> - Select all keyslots that match this password

  encrypt.state=<str>    - Select new state of affected keyslots (active/inactive)

  lazy_refcounts=<bool (on/off)> - Postpone refcount updates

  refcount_bits=<num>    - Width of a reference count entry in bits

  size=<size>            - Virtual disk size

  compat=<str>           - Compatibility level (v2 [0.10] or v3 [1.1])

  data_file=<str>        - File name of an external data file

  data_file_raw=<bool (on/off)> - The external data file must stay valid as a raw image

  encrypt.iter-time=<num> - Time to spend in PBKDF in milliseconds

  encrypt.keyslot=<num>  - Select a single keyslot to modify explicitly

  encrypt.new-secret=<str> - New secret to set in the matching keyslots. Empty string to erase

  encrypt.old-secret=<str> - Select all keyslots that match this password

  encrypt.state=<str>    - Select new state of affected keyslots (active/inactive)

  lazy_refcounts=<bool (on/off)> - Postpone refcount updates

  refcount_bits=<num>    - Width of a reference count entry in bits

  size=<size>            - Virtual disk size

  compat=<str>           - Compatibility level (v2 [0.10] or v3 [1.1])

  data_file=<str>        - File name of an external data file

  data_file_raw=<bool (on/off)> - The external data file must stay valid as a raw image

  encrypt.iter-time=<num> - Time to spend in PBKDF in milliseconds

  encrypt.keyslot=<num>  - Select a single keyslot to modify explicitly

  encrypt.new-secret=<str> - New secret to set in the matching keyslots. Empty string to erase

  encrypt.old-secret=<str> - Select all keyslots that match this password

  encrypt.state=<str>    - Select new state of affected keyslots (active/inactive)

  lazy_refcounts=<bool (on/off)> - Postpone refcount updates

  refcount_bits=<num>    - Width of a reference count entry in bits

  size=<size>            - Virtual disk size

  compat=<str>           - Compatibility level (v2 [0.10] or v3 [1.1])

  data_file=<str>        - File name of an external data file

  data_file_raw=<bool (on/off)> - The external data file must stay valid as a raw image

  encrypt.iter-time=<num> - Time to spend in PBKDF in milliseconds

  encrypt.keyslot=<num>  - Select a single keyslot to modify explicitly

  encrypt.new-secret=<str> - New secret to set in the matching keyslots. Empty string to erase

  encrypt.old-secret=<str> - Select all keyslots that match this password

  encrypt.state=<str>    - Select new state of affected keyslots (active/inactive)

  lazy_refcounts=<bool (on/off)> - Postpone refcount updates

  refcount_bits=<num>    - Width of a reference count entry in bits

  size=<size>            - Virtual disk size

  compat=<str>           - Compatibility level (v2 [0.10] or v3 [1.1])

  data_file=<str>        - File name of an external data file

  data_file_raw=<bool (on/off)> - The external data file must stay valid as a raw image

  encrypt.iter-time=<num> - Time to spend in PBKDF in milliseconds

  encrypt.keyslot=<num>  - Select a single keyslot to modify explicitly

  encrypt.new-secret=<str> - New secret to set in the matching keyslots. Empty string to erase

  encrypt.old-secret=<str> - Select all keyslots that match this password

  encrypt.state=<str>    - Select new state of affected keyslots (active/inactive)

  lazy_refcounts=<bool (on/off)> - Postpone refcount updates

  refcount_bits=<num>    - Width of a reference count entry in bits

  size=<size>            - Virtual disk size