Re: [Qemu-devel] [PATCH WIP 01/30] crypto: add QCryptoSecret object clas
From: Daniel P. Berrange
Subject: Re: [Qemu-devel] [PATCH WIP 01/30] crypto: add QCryptoSecret object class for password/key handling
Date: Mon, 23 Nov 2015 12:33:47 +0000
User-agent: Mutt/1.5.23 (2015-06-09)
On Fri, Nov 20, 2015 at 03:09:25PM -0700, Eric Blake wrote:
> On 11/20/2015 11:04 AM, Daniel P. Berrange wrote:
> > +
> > +static const char *base64_valid_chars =
> > + "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=";
> > +
> > +static int
> > +qcrypto_secret_validate_base64(const uint8_t *input,
> > + size_t inputlen,
> > + Error **errp)
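Review bot: base64_valid_chars includes '=', so a check that only tests membership in this set would accept padding anywhere in the input, including the middle of the string. Suggest keeping '=' out of the alphabet string and checking separately that it appears only as the last one or two characters and that inputlen is a multiple of 4. The function body is not visible in the quoted lines, so this applies only if the validator is a plain per-character membership test.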
>
> Don't we already have base64 utility methods available?
We normally use glib, g_base64_encode/decode. Unfortunately the
decode method doesn't provide any useful error reporting facility.
It just silently skips any characters that are outside the valid
set. So the only way I could get any kind of sensible error report
was to do this validation myself against the set of permitted base64
characters.
> > +++ b/qapi/crypto.json
> > @@ -19,3 +19,17 @@
> > { 'enum': 'QCryptoTLSCredsEndpoint',
> > 'prefix': 'QCRYPTO_TLS_CREDS_ENDPOINT',
> > 'data': ['client', 'server']}
> > +
> > +
> > +##
> > +# QCryptoSecretFormat:
> > +#
> > +# The data format that the secret is provided in
> > +#
> > +# @raw: raw bytes. When encoded in JSON only valid UTF-8 sequences can be
> > used
> > +# @base64: arbitrary base64 encoded binary data
> > +# Since: 2.5
>
> You've missed 2.5. Probably need to tweak the whole series to call out 2.6.
Yep.
> > +##
> > +{ 'enum': 'QCryptoSecretFormat',
> > + 'prefix': 'QCRYPTO_SECRET_FORMAT',
> > + 'data': ['raw', 'base64']}
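Review bot: the @raw description in the QCryptoSecretFormat doc comment says only valid UTF-8 sequences can be used when encoded in JSON, but does not tell the reader what to do with data that is not valid UTF-8; suggest pointing to @base64 there. The block also has no '#' separator line between the @base64 description and "Since:", and two blank lines are added before the '##' opener where one would do.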
> > diff --git a/qemu-options.hx b/qemu-options.hx
> > index 0eea4ee..dd3f7f8 100644
> > --- a/qemu-options.hx
> > +++ b/qemu-options.hx
> > @@ -3670,6 +3670,7 @@ queue @var{all|rx|tx} is an option that can be
> > applied to any netfilter.
> > @option{tx}: the filter is attached to the transmit queue of the netdev,
> > where it will receive packets sent by the netdev.
> >
> > +
> > @item -object
> > filter-dump,address@hidden,address@hidden,address@hidden,address@hidden
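Review bot: the only added line in this qemu-options.hx hunk is a blank line ahead of the "@item -object" filter-dump entry, which has nothing to do with the secret object; drop the hunk so the patch touches qemu-options.hx only where it documents something new.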
>
> Why the added blank line here?
Rebase error I presume
Regards,
Daniel
--
|: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org -o- http://virt-manager.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|
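The reply above explains that the input is checked against the permitted base64 characters before decoding, because the decoder silently skips anything else. The following is an added example of such a strict pre-check, not the code from the patch or from QEMU; the function name base64_first_error and the sample strings are made up for illustration. It reports where the input first goes wrong, so the caller can give a usable error message.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not QEMU's): strict check of standard base64 text.
 * Returns -1 when the input is well formed, otherwise the offset of the
 * first offending byte, or len when only the overall length is wrong. */
static long base64_first_error(const uint8_t *in, size_t len)
{
    /* '=' is deliberately not part of the alphabet: padding is positional */
    static const char alphabet[] =
        "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
    size_t i, pad = 0;

    for (i = 0; i < len; i++) {
        if (in[i] == '=') {
            pad++;
            /* at most two '=' and only in the final two positions */
            if (pad > 2 || i + 2 < len) {
                return (long)i;
            }
        } else if (pad > 0 || in[i] == '\0' || !strchr(alphabet, in[i])) {
            /* data after padding, an embedded NUL, or a byte outside the
             * alphabet (whitespace included) is rejected, not skipped */
            return (long)i;
        }
    }
    /* encoded data always comes in groups of four characters */
    return (len % 4 != 0) ? (long)len : -1;
}

int main(void)
{
    /* Constructed sample inputs */
    const char *samples[] = { "QUJD", "QQ==", "QU D", "Q=JD", "QUJDR" };
    size_t i;

    for (i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
        long err = base64_first_error((const uint8_t *)samples[i],
                                      strlen(samples[i]));
        printf("%-6s -> %ld\n", samples[i], err);
    }
    return 0;
}
```
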