mirror of
https://gitlab.com/libvirt/libvirt.git
synced 2024-12-22 21:55:25 +00:00
qemuDomainSecretAESSetup: Split out lookup of secret data
Split out the lookup of the secret from the secret driver into qemuDomainSecretAESSetupFromSecret so that we can also instantiate secret objects in qemu with data from other sources. Signed-off-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Ján Tomko <jtomko@redhat.com>
This commit is contained in:
parent
bad8637892
commit
88663e59ef
@ -1514,37 +1514,28 @@ qemuDomainSecretPlainSetup(qemuDomainSecretInfoPtr secinfo,
|
||||
|
||||
/* qemuDomainSecretAESSetup:
|
||||
* @priv: pointer to domain private object
|
||||
* @secinfo: Pointer to secret info
|
||||
* @srcalias: Alias of the disk/hostdev used to generate the secret alias
|
||||
* @usageType: The virSecretUsageType
|
||||
* @username: username to use for authentication (may be NULL)
|
||||
* @seclookupdef: Pointer to seclookupdef data
|
||||
* @isLuks: True/False for is for luks (alias generation)
|
||||
* @alias: alias of the secret
|
||||
* @username: username to use (may be NULL)
|
||||
* @secret: secret data
|
||||
* @secretlen: length of @secret
|
||||
*
|
||||
* Encrypts a secret looked up via @seclookupdef for use with qemu.
|
||||
* Encrypts @secret for use with qemu.
|
||||
*
|
||||
* Returns qemuDomainSecretInfoPtr filled with the necessary information.
|
||||
*/
|
||||
static qemuDomainSecretInfoPtr
|
||||
qemuDomainSecretAESSetup(qemuDomainObjPrivatePtr priv,
|
||||
const char *srcalias,
|
||||
virSecretUsageType usageType,
|
||||
const char *alias,
|
||||
const char *username,
|
||||
virSecretLookupTypeDefPtr seclookupdef,
|
||||
bool isLuks)
|
||||
uint8_t *secret,
|
||||
size_t secretlen)
|
||||
{
|
||||
g_autoptr(qemuDomainSecretInfo) secinfo = NULL;
|
||||
g_autoptr(virConnect) conn = virGetConnectSecret();
|
||||
g_autofree uint8_t *raw_iv = NULL;
|
||||
size_t ivlen = QEMU_DOMAIN_AES_IV_LEN;
|
||||
uint8_t *secret = NULL;
|
||||
size_t secretlen = 0;
|
||||
g_autofree uint8_t *ciphertext = NULL;
|
||||
size_t ciphertextlen = 0;
|
||||
|
||||
if (!conn)
|
||||
return NULL;
|
||||
|
||||
if (!qemuDomainSupportsEncryptedSecret(priv)) {
|
||||
virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
|
||||
_("encrypted secrets are not supported"));
|
||||
@ -1554,11 +1545,9 @@ qemuDomainSecretAESSetup(qemuDomainObjPrivatePtr priv,
|
||||
secinfo = g_new0(qemuDomainSecretInfo, 1);
|
||||
|
||||
secinfo->type = VIR_DOMAIN_SECRET_INFO_TYPE_AES;
|
||||
secinfo->s.aes.alias = g_strdup(alias);
|
||||
secinfo->s.aes.username = g_strdup(username);
|
||||
|
||||
if (!(secinfo->s.aes.alias = qemuDomainGetSecretAESAlias(srcalias, isLuks)))
|
||||
return NULL;
|
||||
|
||||
raw_iv = g_new0(uint8_t, ivlen);
|
||||
|
||||
/* Create a random initialization vector */
|
||||
@ -1568,29 +1557,61 @@ qemuDomainSecretAESSetup(qemuDomainObjPrivatePtr priv,
|
||||
/* Encode the IV and save that since qemu will need it */
|
||||
secinfo->s.aes.iv = g_base64_encode(raw_iv, ivlen);
|
||||
|
||||
/* Grab the unencoded secret */
|
||||
if (virSecretGetSecretString(conn, seclookupdef, usageType,
|
||||
&secret, &secretlen) < 0)
|
||||
goto error;
|
||||
|
||||
if (virCryptoEncryptData(VIR_CRYPTO_CIPHER_AES256CBC,
|
||||
priv->masterKey, QEMU_DOMAIN_MASTER_KEY_LEN,
|
||||
raw_iv, ivlen, secret, secretlen,
|
||||
&ciphertext, &ciphertextlen) < 0)
|
||||
goto error;
|
||||
|
||||
/* Clear out the secret */
|
||||
memset(secret, 0, secretlen);
|
||||
return NULL;
|
||||
|
||||
/* Now encode the ciphertext and store to be passed to qemu */
|
||||
secinfo->s.aes.ciphertext = g_base64_encode(ciphertext,
|
||||
ciphertextlen);
|
||||
|
||||
return g_steal_pointer(&secinfo);
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* qemuDomainSecretAESSetupFromSecret:
|
||||
* @priv: pointer to domain private object
|
||||
* @srcalias: Alias of the disk/hostdev used to generate the secret alias
|
||||
* @usageType: The virSecretUsageType
|
||||
* @username: username to use for authentication (may be NULL)
|
||||
* @seclookupdef: Pointer to seclookupdef data
|
||||
* @isLuks: True/False for is for luks (alias generation)
|
||||
*
|
||||
* Looks up a secret in the secret driver based on @usageType and @seclookupdef
|
||||
* and builds qemuDomainSecretInfoPtr from it.
|
||||
*/
|
||||
static qemuDomainSecretInfoPtr
|
||||
qemuDomainSecretAESSetupFromSecret(qemuDomainObjPrivatePtr priv,
|
||||
const char *srcalias,
|
||||
virSecretUsageType usageType,
|
||||
const char *username,
|
||||
virSecretLookupTypeDefPtr seclookupdef,
|
||||
bool isLuks)
|
||||
{
|
||||
g_autoptr(virConnect) conn = virGetConnectSecret();
|
||||
qemuDomainSecretInfoPtr secinfo;
|
||||
g_autofree char *alias = NULL;
|
||||
uint8_t *secret = NULL;
|
||||
size_t secretlen = 0;
|
||||
|
||||
if (!conn)
|
||||
return NULL;
|
||||
|
||||
if (!(alias = qemuDomainGetSecretAESAlias(srcalias, isLuks)))
|
||||
return NULL;
|
||||
|
||||
if (virSecretGetSecretString(conn, seclookupdef, usageType,
|
||||
&secret, &secretlen) < 0)
|
||||
return NULL;
|
||||
|
||||
secinfo = qemuDomainSecretAESSetup(priv, alias, username, secret, secretlen);
|
||||
|
||||
error:
|
||||
VIR_DISPOSE_N(secret, secretlen);
|
||||
return NULL;
|
||||
|
||||
return secinfo;
|
||||
}
|
||||
|
||||
|
||||
@ -1662,8 +1683,8 @@ qemuDomainSecretInfoNew(qemuDomainObjPrivatePtr priv,
|
||||
virSecretLookupTypeDefPtr lookupDef,
|
||||
bool isLuks)
|
||||
{
|
||||
return qemuDomainSecretAESSetup(priv, srcAlias, usageType, username,
|
||||
lookupDef, isLuks);
|
||||
return qemuDomainSecretAESSetupFromSecret(priv, srcAlias, usageType, username,
|
||||
lookupDef, isLuks);
|
||||
}
|
||||
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user