On Mon, May 02, 2016 at 05:51:14PM -0400, John Ferlan wrote:
> New APIs:
>
> qemuDomainGetIVKeyAlias:
>     Generate/return the secret object alias for an initialization
>     vector (IV) secret info type. This will be saved in the secret
>     info block. This will be called from qemuDomainSecretIVSetup.
>
> qemuDomainSecretHaveEncrypt:
>     Boolean function to determine whether the underlying encryption
>     API is available. This function will utilize a similar mechanism
>     as the 'gnutls_rnd' did in configure.ac. For this patch it just
>     returns false. This API is separate from the following one so that
>     it's possible for the caller to determine whether or not it's
>     possible to create an IV secret before trying and if not available
>     fall back to the plain secret mechanism.
>
> qemuDomainSecretIVSetup: (private)
>     This API handles the details of the generation of the IV secret
>     and saves the pieces that need to be passed to qemu in order for
>     the secret to be decrypted. The encrypted secret is based upon the
>     domain master key, an initialization vector (16 byte random value),
>     and the stored secret. Finally, the requirement from qemu is the IV
>     and encrypted secret are to be base64 encoded. They can be passed
>     either directly or within a file. This implementation chooses
>     to pass directly rather than a file.
>
> qemuDomainSecretSetup: (private)
>     Shim to call either the IV or Plain Setup functions based upon
>     whether IV secrets are possible (we have the encryption API) or not.
>     For this patch, the call will still be to set up the Plain since
>     qemuDomainSecretHaveEncrypt hasn't been enabled yet.
>
> Use the qemuDomainSecretSetup in qemuDomainSecretDiskPrepare and
> qemuDomainSecretHostdevPrepare to add the secret rather than assuming plain.
>
> Signed-off-by: John Ferlan <jferlan@xxxxxxxxxx>
> ---
>  src/qemu/qemu_alias.c  |  23 +++++++
>  src/qemu/qemu_alias.h  |   2 +
>  src/qemu/qemu_domain.c | 183 +++++++++++++++++++++++++++++++++++++++++++++++--
>  3 files changed, 201 insertions(+), 7 deletions(-)

ACK

Regards,
Daniel
-- 
|: http://berrange.com      -o-    http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org              -o-             http://virt-manager.org :|
|: http://autobuild.org       -o-         http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org       -o-       http://live.gnome.org/gtk-vnc :|
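
The flow the quoted commit message describes for qemuDomainSecretSetup and qemuDomainSecretIVSetup, sketched as an added shell example that is not libvirt's code and not part of the patch. It assumes the `openssl` CLI stands in for the encryption API and AES-256-CBC as the cipher qemu's secret object uses with `keyid`; the alias names, master key and secret are constructed.

```shell
#!/usr/bin/env bash
# Added example, not libvirt code. Aliases, key and secret are constructed.

# Analogue of qemuDomainSecretHaveEncrypt: is an encryption backend usable?
have_encrypt() { command -v openssl >/dev/null 2>&1; }

# Decode a base64 string and print it as one run of hex digits.
b64_to_hex() { printf '%s' "$1" | base64 -d | od -An -v -tx1 | tr -d ' \n'; }

# Plain setup: the secret is only base64 encoded, not encrypted.
# usage: secret_plain_arg ALIAS SECRET
secret_plain_arg() {
    printf 'secret,id=%s,data=%s,format=base64' \
        "$1" "$(printf '%s' "$2" | base64 | tr -d '\n')"
}

# IV setup: fresh 16 byte random IV, AES-256-CBC under the master key,
# IV and ciphertext both base64 encoded and passed directly (no file).
# usage: secret_iv_arg ALIAS MASTER_ALIAS MASTER_KEY_B64 SECRET
secret_iv_arg() {
    local iv_b64 data
    iv_b64=$(openssl rand -base64 16)
    data=$(printf '%s' "$4" | openssl enc -aes-256-cbc -a -A \
        -K "$(b64_to_hex "$3")" -iv "$(b64_to_hex "$iv_b64")")
    printf 'secret,id=%s,keyid=%s,iv=%s,data=%s,format=base64' \
        "$1" "$2" "$iv_b64" "$data"
}

# Shim: IV secret when encryption is available, plain secret otherwise.
secret_setup() {
    if have_encrypt; then
        secret_iv_arg "$@"
    else
        secret_plain_arg "$1" "$4"
    fi
}

# Constructed 32 byte master key; a real one must be random.
DEMO_KEY=$(printf '0123456789abcdef0123456789abcdef' | base64 | tr -d '\n')
printf -- '-object %s\n' "$(secret_setup disk0-secret0 masterKey0 "$DEMO_KEY" letmein)"
```

In the plain fallback the secret is recoverable from the process command line by base64 decoding alone, which is why the shim prefers the IV form whenever the backend is present.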