[libvirt] [PATCH v3 1/2] qemu: Introduce new Secret IV API's
Daniel P. Berrange
berrange at redhat.com
Wed May 11 12:51:13 UTC 2016
On Wed, May 11, 2016 at 02:47:21PM +0200, Peter Krempa wrote:
> On Thu, May 05, 2016 at 15:00:40 -0400, John Ferlan wrote:
> > New APIs:
> >
> > qemuDomainGetIVKeyAlias:
> > Generate/return the secret object alias for an initialization
> > vector (IV) secret info type. This will be saved in the secret
> > info block. This will be called from qemuDomainSecretIVSetup.
> >
> > qemuDomainSecretHaveEncrypt: (private)
> > Boolean function to determine whether the underly encryption
> > API is available. This function will utilize a similar mechanism
> > as the 'gnutls_rnd' did in configure.ac.
> >
> > qemuDomainSecretIVSetup: (private)
> > This API handles the details of the generation of the IV secret
> > and saves the pieces that need to be passed to qemu in order for
> > the secret to be decrypted. The encrypted secret based upon the
> > domain master key, an initialization vector (16 byte random value),
> > and the stored secret. Finally, the requirement from qemu is the IV
> > and encrypted secret are to be base64 encoded. They can be passed
> > either directly or within a file. This implementation chooses
> > to pass directly rather than a file.
> >
> > Signed-off-by: John Ferlan <jferlan at redhat.com>
> > ---
> > configure.ac | 1 +
> > src/qemu/qemu_alias.c | 23 +++++++++
> > src/qemu/qemu_alias.h | 2 +
> > src/qemu/qemu_domain.c | 137 +++++++++++++++++++++++++++++++++++++++++++++++++
> > 4 files changed, 163 insertions(+)
> >
> > +static int ATTRIBUTE_UNUSED
> > +qemuDomainSecretIVSetup(virConnectPtr conn,
> > + qemuDomainObjPrivatePtr priv,
> > + qemuDomainSecretInfoPtr secinfo,
> > + const char *srcalias,
> > + virStorageNetProtocol protocol,
> > + virStorageAuthDefPtr authdef)
> > +{
> > + int ret = -1;
> > + int rc;
> > + uint8_t *raw_iv = NULL;
> > + char *secret = NULL;
> > + uint8_t *ciphertext = NULL;
> > + size_t secretlen = 0, ciphertextlen = 0, paddinglen;
>
> Please one variable per line.
>
> > + int secretType = VIR_SECRET_USAGE_TYPE_ISCSI;
>
> Rather than changing to RBD below I think the decision should be done in
> a single swithch.
>
> > + const char *protocolstr = virStorageNetProtocolTypeToString(protocol);
> > + gnutls_cipher_hd_t handle = NULL;
> > + gnutls_datum_t enc_key;
> > + gnutls_datum_t iv_key;
>
> This function is compiled even without gnutls.
>
> > +
> > + secinfo->type = VIR_DOMAIN_SECRET_INFO_TYPE_IV;
> > + if (VIR_STRDUP(secinfo->s.iv.username, authdef->username) < 0)
> > + return -1;
> > +
> > + if (protocol == VIR_STORAGE_NET_PROTOCOL_RBD)
> > + secretType = VIR_SECRET_USAGE_TYPE_CEPH;
> > +
> > + if (!(secinfo->s.iv.alias = qemuDomainGetIVKeyAlias(srcalias)))
> > + return -1;
> > +
> > + /* Create a random initialization vector */
> > + if (!(raw_iv = qemuDomainGenerateRandomKey(QEMU_DOMAIN_IV_KEY_LEN)))
> > + return -1;
> > +
> > + /* Encode the IV and save that since qemu will need it */
>
> So the initialization vector or IV is a specific of the used cipher. I
> don't think we should use it in the names for the secret type.
>
> Either the name of the cipher should be used or just "secret" if it's
> unlikey that qemu would add new ciphers.
>
> > + base64_encode_alloc((const char *)raw_iv, QEMU_DOMAIN_IV_KEY_LEN,
> > + &secinfo->s.iv.iv);
> > + if (!secinfo->s.iv.iv) {
> > + virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
> > + _("failed to encode initialization vector"));
> > + goto cleanup;
> > + }
> > +
> > + /* Grab the unencoded secret */
> > + if (!(secret = virSecretGetSecretString(conn, protocolstr, false,
>
> In qemuDomainSecretPlainSetup the secret is requested encoded for RBD,
> thus it was possible to use non ascii keys ...
>
> > + authdef, secretType)))
> > + goto cleanup;
> > +
> > + /* Allocate a padded buffer */
> > + secretlen = strlen(secret);
>
> ... which won't work with this.
Yep, since we're treating the secret as raw bytes, we should really
use 'uint8_t *' for 'secret' instead of 'char*' to make it obvious
you can't strlen() it. This means virSecretGetSecretString should
probably return uint8_t too, and have an size_t return for the length
Regards,
Daniel
--
|: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org -o- http://virt-manager.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|
More information about the libvir-list
mailing list