[PATCH v2 4/5] qemuDomainSecretAESSetup: Split out lookup of secret data


 



Split out the lookup of the secret from the secret driver into
qemuDomainSecretAESSetupFromSecret so that we can also instantiate
secret objects in qemu with data from other sources.

Signed-off-by: Peter Krempa <pkrempa@xxxxxxxxxx>
---
 src/qemu/qemu_domain.c | 87 ++++++++++++++++++++++++++----------------
 1 file changed, 54 insertions(+), 33 deletions(-)

diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c
index e83301d84e..ba80bb67d2 100644
--- a/src/qemu/qemu_domain.c
+++ b/src/qemu/qemu_domain.c
@@ -1514,37 +1514,28 @@ qemuDomainSecretPlainSetup(qemuDomainSecretInfoPtr secinfo,

 /* qemuDomainSecretAESSetup:
  * @priv: pointer to domain private object
- * @secinfo: Pointer to secret info
- * @srcalias: Alias of the disk/hostdev used to generate the secret alias
- * @usageType: The virSecretUsageType
- * @username: username to use for authentication (may be NULL)
- * @seclookupdef: Pointer to seclookupdef data
- * @isLuks: True/False for is for luks (alias generation)
+ * @alias: alias of the secret
+ * @username: username to use (may be NULL)
+ * @secret: secret data
+ * @secretlen: length of @secret
  *
- * Encrypts a secret looked up via @seclookupdef for use with qemu.
+ * Encrypts @secret for use with qemu.
  *
  * Returns qemuDomainSecretInfoPtr filled with the necessary information.
  */
 static qemuDomainSecretInfoPtr
 qemuDomainSecretAESSetup(qemuDomainObjPrivatePtr priv,
-                         const char *srcalias,
-                         virSecretUsageType usageType,
+                         const char *alias,
                          const char *username,
-                         virSecretLookupTypeDefPtr seclookupdef,
-                         bool isLuks)
+                         uint8_t *secret,
+                         size_t secretlen)
 {
     g_autoptr(qemuDomainSecretInfo) secinfo = NULL;
-    g_autoptr(virConnect) conn = virGetConnectSecret();
     g_autofree uint8_t *raw_iv = NULL;
     size_t ivlen = QEMU_DOMAIN_AES_IV_LEN;
-    uint8_t *secret = NULL;
-    size_t secretlen = 0;
     g_autofree uint8_t *ciphertext = NULL;
     size_t ciphertextlen = 0;

-    if (!conn)
-        return NULL;
-
     if (!qemuDomainSupportsEncryptedSecret(priv)) {
         virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
                        _("encrypted secrets are not supported"));
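Review bot: The new `@secret` parameter is documented only as "secret data", but the refactor moves the responsibility for wiping the plaintext out of this function (the `memset(secret, 0, secretlen)` that used to follow encryption is dropped later in this patch), so the ownership rule should be spelled out in the header comment: `* @secret: plaintext secret (borrowed; this function neither frees nor clears it, the caller must dispose of it)`. Stating this is what keeps future callers from other sources, which the description anticipates, from leaving key material in memory. If virCryptoEncryptData accepts a const input buffer, `const uint8_t *secret` would also document that the buffer is read-only here; I cannot see its prototype from the hunk. The body of qemuDomainSecretAESSetup continues past the end of this hunk.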
@@ -1554,11 +1545,9 @@ qemuDomainSecretAESSetup(qemuDomainObjPrivatePtr priv,
     secinfo = g_new0(qemuDomainSecretInfo, 1);

     secinfo->type = VIR_DOMAIN_SECRET_INFO_TYPE_AES;
+    secinfo->s.aes.alias = g_strdup(alias);
     secinfo->s.aes.username = g_strdup(username);

-    if (!(secinfo->s.aes.alias = qemuDomainGetSecretAESAlias(srcalias, isLuks)))
-        return NULL;
-
     raw_iv = g_new0(uint8_t, ivlen);

     /* Create a random initialization vector */
@@ -1568,29 +1557,61 @@ qemuDomainSecretAESSetup(qemuDomainObjPrivatePtr priv,
     /* Encode the IV and save that since qemu will need it */
     secinfo->s.aes.iv = g_base64_encode(raw_iv, ivlen);

-    /* Grab the unencoded secret */
-    if (virSecretGetSecretString(conn, seclookupdef, usageType,
-                                 &secret, &secretlen) < 0)
-        goto error;
-
     if (virCryptoEncryptData(VIR_CRYPTO_CIPHER_AES256CBC,
                              priv->masterKey, QEMU_DOMAIN_MASTER_KEY_LEN,
                              raw_iv, ivlen, secret, secretlen,
                              &ciphertext, &ciphertextlen) < 0)
-        goto error;
-
-    /* Clear out the secret */
-    memset(secret, 0, secretlen);
+        return NULL;

     /* Now encode the ciphertext and store to be passed to qemu */
     secinfo->s.aes.ciphertext = g_base64_encode(ciphertext,
                                                 ciphertextlen);

     return g_steal_pointer(&secinfo);
+}
+
+
+/**
+ * qemuDomainSecretAESSetupFromSecret:
+ * @priv: pointer to domain private object
+ * @srcalias: Alias of the disk/hostdev used to generate the secret alias
+ * @usageType: The virSecretUsageType
+ * @username: username to use for authentication (may be NULL)
+ * @seclookupdef: Pointer to seclookupdef data
+ * @isLuks: True/False for is for luks (alias generation)
+ *
+ * Looks up a secret in the secret driver based on @usageType and @seclookupdef
+ * and builds qemuDomainSecretInfoPtr from it.
+ */
+static qemuDomainSecretInfoPtr
+qemuDomainSecretAESSetupFromSecret(qemuDomainObjPrivatePtr priv,
+                                   const char *srcalias,
+                                   virSecretUsageType usageType,
+                                   const char *username,
+                                   virSecretLookupTypeDefPtr seclookupdef,
+                                   bool isLuks)
+{
+    g_autoptr(virConnect) conn = virGetConnectSecret();
+    qemuDomainSecretInfoPtr secinfo;
+    g_autofree char *alias = NULL;
+    uint8_t *secret = NULL;
+    size_t secretlen = 0;
+
+    if (!conn)
+        return NULL;
+
+    if (!(alias = qemuDomainGetSecretAESAlias(srcalias, isLuks)))
+        return NULL;
+
+    if (virSecretGetSecretString(conn, seclookupdef, usageType,
+                                 &secret, &secretlen) < 0)
+        return NULL;
+
+    secinfo = qemuDomainSecretAESSetup(priv, alias, username, secret, secretlen);

- error:
     VIR_DISPOSE_N(secret, secretlen);
-    return NULL;
+
+    return secinfo;
 }


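Review bot: The header comment for qemuDomainSecretAESSetupFromSecret lacks the "Returns" line that the sibling qemuDomainSecretAESSetup comment has, and the NULL-on-error contract is what qemuDomainSecretInfoNew relies on; add `* Returns qemuDomainSecretInfoPtr on success, NULL on error (with the plaintext secret always disposed).` before the closing `*/`. The `VIR_DISPOSE_N(secret, secretlen)` is now reached after qemuDomainSecretAESSetup returns, on both the success and failure path, which preserves the clearing the removed `error:` label provided; on the early `return NULL` at the virSecretGetSecretString failure nothing is disposed, which is fine only if that call leaves `secret` NULL on failure, so a one-line comment there such as `/* secret is not allocated on failure */` would make the omission deliberate rather than accidental.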
@@ -1662,8 +1683,8 @@ qemuDomainSecretInfoNew(qemuDomainObjPrivatePtr priv,
                         virSecretLookupTypeDefPtr lookupDef,
                         bool isLuks)
 {
-    return qemuDomainSecretAESSetup(priv, srcAlias, usageType, username,
-                                    lookupDef, isLuks);
+    return qemuDomainSecretAESSetupFromSecret(priv, srcAlias, usageType, username,
+                                              lookupDef, isLuks);
 }


-- 
2.24.1





