[libvirt] [PATCH 4/4] xkcd: generate secure rememberable qcow2 passwords
Nikolay Shirokovskiy
nshirokovskiy at virtuozzo.com
Fri Apr 1 14:56:22 UTC 2016
On 01.04.2016 14:30, Daniel P. Berrange wrote:
> Currently the QCow2 encryption password generator just uses
> a set of random bytes. This is not very easy for users to
> remember, which encourages them to write down their passwords.
> Instead of this, allow for using 4 random words which gives
> a rememberable password, while still having high entropy.
> Enable this feature using
>
> LIBVIRT_XKCD=936 /usr/sbin/libvirtd
>
> Signed-off-by: Daniel P. Berrange <berrange at redhat.com>
> ---
> src/util/virstorageencryption.c | 47 +++++++++++++++++++++++------------------
> 1 file changed, 26 insertions(+), 21 deletions(-)
>
> diff --git a/src/util/virstorageencryption.c b/src/util/virstorageencryption.c
> index ec4a8cb..2a36e8e 100644
> --- a/src/util/virstorageencryption.c
> +++ b/src/util/virstorageencryption.c
> @@ -34,6 +34,7 @@
> #include "virerror.h"
> #include "viruuid.h"
> #include "virfile.h"
> +#include "virxkcd.h"
>
> #define VIR_FROM_THIS VIR_FROM_STORAGE
>
> @@ -294,30 +295,34 @@ virStorageGenerateQcowPassphrase(unsigned char *dest)
> int fd;
> size_t i;
>
> - /* A qcow passphrase is up to 16 bytes, with any data following a NUL
> - ignored. Prohibit control and non-ASCII characters to avoid possible
> - unpleasant surprises with the qemu monitor input mechanism. */
> - fd = open("/dev/urandom", O_RDONLY);
> - if (fd < 0) {
> - virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
> - _("Cannot open /dev/urandom"));
> - return -1;
> - }
> - i = 0;
> - while (i < VIR_STORAGE_QCOW_PASSPHRASE_SIZE) {
> - ssize_t r;
> -
> - while ((r = read(fd, dest + i, 1)) == -1 && errno == EINTR)
> - ;
> - if (r <= 0) {
> + if (virXKCDIsEnabled(936)) {
Hmm, I wonder whether virXKCDIsEnabled(936) && virXKCDIsEnabled(221) would be more appropriate.
> + memcpy(dest, "correct horse battery staple", VIR_STORAGE_QCOW_PASSPHRASE_SIZE);
> + } else {
> + /* A qcow passphrase is up to 16 bytes, with any data following a NUL
> + ignored. Prohibit control and non-ASCII characters to avoid possible
> + unpleasant surprises with the qemu monitor input mechanism. */
> + fd = open("/dev/urandom", O_RDONLY);
> + if (fd < 0) {
> virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
> - _("Cannot read from /dev/urandom"));
> - VIR_FORCE_CLOSE(fd);
> + _("Cannot open /dev/urandom"));
> return -1;
> }
> - if (dest[i] >= 0x20 && dest[i] <= 0x7E)
> - i++; /* Got an acceptable character */
> + i = 0;
> + while (i < VIR_STORAGE_QCOW_PASSPHRASE_SIZE) {
> + ssize_t r;
> +
> + while ((r = read(fd, dest + i, 1)) == -1 && errno == EINTR)
> + ;
> + if (r <= 0) {
> + virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
> + _("Cannot read from /dev/urandom"));
> + VIR_FORCE_CLOSE(fd);
> + return -1;
> + }
> + if (dest[i] >= 0x20 && dest[i] <= 0x7E)
> + i++; /* Got an acceptable character */
> + }
> + VIR_FORCE_CLOSE(fd);
> }
> - VIR_FORCE_CLOSE(fd);
> return 0;
> }
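Review bot: In the `virXKCDIsEnabled(936)` branch, `dest` is filled from a fixed string literal, so every volume created with the switch on gets the same publicly known passphrase and the qcow2 encryption protects nothing; the four words have to be drawn at random for the entropy claim in the description to hold. The `memcpy` also copies `VIR_STORAGE_QCOW_PASSPHRASE_SIZE` bytes regardless of the literal's 29-byte size: if that constant is 16, as the comment in the else branch suggests, only a truncated prefix is stored, and a value above 29 would read past the literal. I would drop the constant and pick each word with bytes read from `/dev/urandom`, reusing the read loop and error handling of the else branch, and add a comment such as `/* passphrase must be unique per volume; never a compile-time constant */`. An environment variable that changes how key material is generated should also be logged when it takes effect. The body of virStorageGenerateQcowPassphrase begins before this hunk.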
>