From: Eric Blake
Subject: Re: [Qemu-devel] [PATCH 06/17] qcow: add a 'keyid' parameter to qcow options
Date: Wed, 28 Oct 2015 07:56:55 -0600
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Thunderbird/38.3.0

On 10/19/2015 09:09 AM, Daniel P. Berrange wrote:
> Add a 'keyid' parameter that refers to the ID of a
> QCryptoSecret instance that provides the encryption key.
> eg
>
> $QEMU \
> -object secret,id=sec0,filename=/home/berrange/encrypted.pw \
> -drive file=/home/berrange/encrypted.qcow,keyid=sec0
>
> Signed-off-by: Daniel P. Berrange <address@hidden>
> ---
> block/qcow.c | 94 +++++++++++++++++++++++++++++++++++++++-------------
> qapi/block-core.json | 17 +++++++++-
> 2 files changed, 87 insertions(+), 24 deletions(-)
>
> +static QCryptoCipher *qcow_get_cipher_from_key(const char *key,
> + Error **errp)
> +{
> + uint8_t keybuf[16];
> + int len, i;
> +
> + memset(keybuf, 0, 16);
> + len = strlen(key);
> + if (len > 16) {
> + len = 16;
> + }
> + /* XXX: we could compress the chars to 7 bits to increase
> + entropy */
> + for (i = 0; i < len; i++) {
> + keybuf[i] = key[i];
> + }
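Review bot: in qcow_get_cipher_from_key(), a secret longer than 16 bytes is silently cut at `if (len > 16)` and a shorter one is zero-padded by the memset(), so the raw bytes of the secret become the key with no indication to the caller. Now that the value comes from a QCryptoSecret object, a comment stating that only the first 16 bytes are significant would help, and `len` would be better as size_t since it holds the result of strlen(). keybuf holds key material on the stack, so whatever follows in this function should clear it before returning on both the success and error paths.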
Would memcpy() be more efficient?
> @@ -261,33 +331,11 @@ static int qcow_reopen_prepare(BDRVReopenState *state,
> static int qcow_set_key(BlockDriverState *bs, const char *key)
> {
> BDRVQcowState *s = bs->opaque;
> - uint8_t keybuf[16];
> - int len, i;
> - Error *err;
>
> - memset(keybuf, 0, 16);
> - len = strlen(key);
> - if (len > 16)
> - len = 16;
> - /* XXX: we could compress the chars to 7 bits to increase
> - entropy */
> - for(i = 0;i < len;i++) {
> - keybuf[i] = key[i];
> - }
Oh, I see - code motion.
> +++ b/qapi/block-core.json
> @@ -1562,6 +1562,21 @@
> 'mode': 'Qcow2OverlapCheckMode' } }
>
> ##
> +# @BlockdevOptionsQcow
> +#
> +# Driver specific block device options for qcow.
> +#
> +# @keyid: #optional ID of the "secret" object providing the
> +# AES decryption key.
> +#
That's a lot of whitespace, but it doesn't hurt.
> +# Since: 2.5
> +##
> +{ 'struct': 'BlockdevOptionsQcow',
> + 'base': 'BlockdevOptionsGenericCOWFormat',
> + 'data': { '*keyid': 'str' } }
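Review bot: the @keyid documentation does not say what happens when the option is omitted for an image that is encrypted, and "#optional" alone leaves that open. A sentence on the default behaviour would help, and since the value names a "secret" object rather than carrying the key itself, it is worth stating that the ID must refer to an object that already exists.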
Interface looks fine.
Reviewed-by: Eric Blake <address@hidden>
--
Eric Blake eblake redhat com +1-919-301-3266
Libvirt virtualization library http://libvirt.org