[libvirt] [PATCH v2 7/8] qemu: Introduce new Secret IV API's

Daniel P. Berrange berrange at redhat.com
Thu May 5 09:27:29 UTC 2016 

On Mon, May 02, 2016 at 05:51:14PM -0400, John Ferlan wrote:
> New APIs:
> 
>   qemuDomainGetIVKeyAlias:
>     Generate/return the secret object alias for an initialization
>     vector (IV) secret info type. This will be saved in the secret
>     info block. This will be called from qemuDomainSecretIVSetup.
> 
>   qemuDomainSecretHaveEncrypt:
>     Boolean function to determine whether the underly encryption
>     API is available. This function will utilize a similar mechanism
>     as the 'gnutls_rnd' did in configure.ac. For this patch it just
>     returns false. This API is separate from the following one so that
>     it's possible for the caller to determine whether or not it's
>     possible to create an IV secret before trying and if not available
>     fall back to the plain secret mechanism.
> 
>   qemuDomainSecretIVSetup: (private)
>     This API handles the details of the generation of the IV secret
>     and saves the pieces that need to be passed to qemu in order for
>     the secret to be decrypted. The encrypted secret based upon the
>     domain master key, an initialization vector (16 byte random value),
>     and the stored secret. Finally, the requirement from qemu is the IV
>     and encrypted secret are to be base64 encoded. They can be passed
>     either directly or within a file. This implementation chooses
>     to pass directly rather than a file.
> 
>   qemuDomainSecretSetup: (private)
>     Shim to call either the IV or Plain Setup functions based upon
>     whether IV secrets are possible (we have the encryption API) or not.
>     For this patch, the call will still be to set up the Plain since
>     qemuDomainSecretHaveEncrypt hasn't been enabled yet.
> 
> Use the qemuDomainSecretSetup in qemuDomainSecretDiskPrepare and
> qemuDomainSecretHostdevPrepare to add the secret rather than assuming plain.
> 
> Signed-off-by: John Ferlan <jferlan at redhat.com>
> ---
>  src/qemu/qemu_alias.c  |  23 +++++++
>  src/qemu/qemu_alias.h  |   2 +
>  src/qemu/qemu_domain.c | 183 +++++++++++++++++++++++++++++++++++++++++++++++--
>  3 files changed, 201 insertions(+), 7 deletions(-)

ACK


Regards,
Daniel
-- 
|: http://berrange.com      -o-    http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org              -o-             http://virt-manager.org :|
|: http://autobuild.org       -o-         http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org       -o-       http://live.gnome.org/gtk-vnc :|

More information about the libvir-list mailing list