[libvirt] [PATCH v5 0/6] Add AES Secret Object support (for RBD only)

John Ferlan jferlan at redhat.com
Thu May 19 20:28:59 UTC 2016

This is a combination of two series... 

The first 2 patches are a follow-on to (v1 from yesterday):


But they really were an offshoot of the original AES/IV Secret changes (v4):


Hopefully I haven't forgotten anything along the way. There have been numerous
adjustments and changes along the way.

Patch 1 is a combination with adjustments of patches 1&2 from v1. This
        should make virRandomBytes available in the virrandommock library
        which then is used in later patches.

Patch 2 mostly adjusts names and comments, and adds #ifdefs for unavailable code.
        This patch will make use of the virrandommock library instead of
        self-populating the enc_alg and iv_buf. Mainly because it's possible,
        but also since it's the basis for later patches to utilize the same
        virrandommock library.

Patch 3 splits out the existing qemuDomainGenerateRandomKey into a
        vircrypto.c API.  The vircrypto.c was chosen over virrandom.c
        because virrandom.c ends up being included in setuid_rpc_client
        and it wasn't overly clear that it was desired to drag in all
        of gnutls for just this one mock function.

Patch 4 splits out the qemuDomainSecretSetup as was suggested in one review

Patch 5 is new to handle the ability to have more than one mock library
        to preload from a VIRT_TEST_MAIN_PRELOAD macro. As it turns out
        the qemuxml2argvtest will need not only the qemuxml2argvmock, but
        also the virrandommock libraries. I went with comma separated,
        but a "space" separated list is fine with me too.

Patch 6 is the remainder of the v4 of the original series. Splitting it
        up with ATTRIBUTE_UNUSED markers just no longer made sense. Lots
        of changes here to keep up with the previous patches, but also
        to adjust error messages, variable/API names, etc. Also changed
        was the secret alias (leading to adjustments in each of the .args
        files for the secret alias). Along the way I also had to adjust the
        expected encoded ciphertext and iv since the mock algorithm changed
        from all 0xff to an increasing sequence starting at 0x00 through
        the length of the buffer.

John Ferlan (6):
  tests: Add mock for virRandomBytes
  util: Introduce encryption APIs
  util: Introduce virCryptoGenerateRandom
  qemu: Introduce qemuDomainSecretSetup
  tests: Allow comma separate list of libs to preload
  qemu: Utilize qemu secret objects for RBD auth/secret

 configure.ac                                       |   1 +
 src/libvirt_private.syms                           |   3 +
 src/qemu/qemu_alias.c                              |  23 ++
 src/qemu/qemu_alias.h                              |   2 +
 src/qemu/qemu_command.c                            | 117 ++++++++++-
 src/qemu/qemu_domain.c                             | 200 +++++++++++++-----
 src/util/vircrypto.c                               | 233 ++++++++++++++++++++-
 src/util/vircrypto.h                               |  22 +-
 tests/Makefile.am                                  |  12 ++
 ...muxml2argv-disk-drive-network-rbd-auth-AES.args |  31 +++
 ...emuxml2argv-disk-drive-network-rbd-auth-AES.xml |  42 ++++
 tests/qemuxml2argvmock.c                           |  16 ++
 tests/qemuxml2argvtest.c                           |   5 +-
 tests/testutils.c                                  |  12 +-
 tests/vircryptotest.c                              | 100 ++++++++-
 tests/virrandommock.c                              |  39 ++++
 tests/virrandomtest.c                              |  86 ++++++++
 17 files changed, 879 insertions(+), 65 deletions(-)
 create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-disk-drive-network-rbd-auth-AES.args
 create mode 100644 tests/qemuxml2argvdata/qemuxml2argv-disk-drive-network-rbd-auth-AES.xml
 create mode 100644 tests/virrandommock.c
 create mode 100644 tests/virrandomtest.c

