[PATCH RESEND] crypto: add support for sm4 without key length suffix and remove the restriction about ciper name in xml

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



qemu add sm4 in release 9, but the name of sm4 doesn't have the key
length suffix, So set size to 0, construct cipher name without
key length as suffix.
In order to support the snapshot of encrypted disks, it remove
the restrictions about cipher names in XML

Signed-off-by: luzhipeng <luzhipeng@xxxxxxxx>
---
 docs/formatstorageencryption.rst |  8 +++++---
 src/conf/domain_validate.c       | 12 ------------
 src/qemu/qemu_block.c            | 10 +++++++---
 3 files changed, 12 insertions(+), 18 deletions(-)

diff --git a/docs/formatstorageencryption.rst b/docs/formatstorageencryption.rst
index 066d285090..6cb8cf024c 100644
--- a/docs/formatstorageencryption.rst
+++ b/docs/formatstorageencryption.rst
@@ -75,11 +75,13 @@ initialization vector generation.
 
    ``name``
       The name of the cipher algorithm used for data encryption, such as 'aes',
-      'des', 'cast5', 'serpent', 'twofish', etc. Support of the specific
+      'des', 'cast5', 'serpent', 'twofish', 'sm4', etc. Support of the specific
       algorithm is storage driver implementation dependent.
    ``size``
-      The size of the cipher in bits, such as '256', '192', '128', etc. Support
-      of the specific size for a specific cipher is hypervisor dependent.
+      The size of the cipher in bits, such as '256', '192', '128', '0', etc.
+      '0' indicates that the encryption algorithm name doesn't have key length
+      suffix. Support of the specific size for a specific cipher is hypervisor
+      dependent.
    ``mode``
       An optional cipher algorithm mode such as 'cbc', 'xts', 'ecb', etc.
       Support of the specific cipher mode is hypervisor dependent.
diff --git a/src/conf/domain_validate.c b/src/conf/domain_validate.c
index 39b8d67928..b70edcaaa0 100644
B
--- a/src/conf/domain_validate.c
+++ b/src/conf/domain_validate.c
@@ -529,18 +529,6 @@ virDomainDiskDefValidateSourceChainOne(const virStorageSource *src)
         }
     }
 
-    if (src->encryption) {
-        virStorageEncryption *encryption = src->encryption;
-
-        if (encryption->format == VIR_STORAGE_ENCRYPTION_FORMAT_LUKS &&
-            encryption->encinfo.cipher_name) {
-
-            virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
-                           _("supplying <cipher> for domain disk definition is unnecessary"));
-            return -1;
-        }
-    }
-
     /* internal snapshots and config files are currently supported only with rbd: */
     if (virStorageSourceGetActualType(src) != VIR_STORAGE_TYPE_NETWORK &&
         src->protocol != VIR_STORAGE_NET_PROTOCOL_RBD) {
diff --git a/src/qemu/qemu_block.c b/src/qemu/qemu_block.c
index d6cdf521c4..ac55c077e9 100644
--- a/src/qemu/qemu_block.c
+++ b/src/qemu/qemu_block.c
@@ -2137,9 +2137,13 @@ qemuBlockStorageSourceCreateGetEncryptionLUKS(virStorageSource *src,
 
     if (src->encryption) {
         if (src->encryption->encinfo.cipher_name) {
-            cipheralg = g_strdup_printf("%s-%u",
-                                        src->encryption->encinfo.cipher_name,
-                                        src->encryption->encinfo.cipher_size);
+            if (src->encryption->encinfo.cipher_size) {
+                cipheralg = g_strdup_printf("%s-%u",
+                                            src->encryption->encinfo.cipher_name,
+                                            src->encryption->encinfo.cipher_size);
+	    } else {
+                cipheralg = g_strdup_printf("%s", src->encryption->encinfo.cipher_name);
+	    }
         }
 
         if (virJSONValueObjectAdd(&props,
-- 
2.34.0.windows.1





[Index of Archives]     [Virt Tools]     [Libvirt Users]     [Lib OS Info]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]     [Fedora Tools]

  Powered by Linux