Re: [Qemu-devel] [PATCH 06/17] qcow: add a 'keyid' parameter to qcow opt


From: Eric Blake
Subject: Re: [Qemu-devel] [PATCH 06/17] qcow: add a 'keyid' parameter to qcow options
Date: Wed, 28 Oct 2015 07:56:55 -0600
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Thunderbird/38.3.0

On 10/19/2015 09:09 AM, Daniel P. Berrange wrote:
> Add a 'keyid' parameter that refers to the ID of a
> QCryptoSecret instance that provides the encryption key.
> eg
> 
>  $QEMU \
>     -object secret,id=sec0,filename=/home/berrange/encrypted.pw \
>     -drive file=/home/berrange/encrypted.qcow,keyid=sec0
> 
> Signed-off-by: Daniel P. Berrange <address@hidden>
> ---
>  block/qcow.c         | 94 +++++++++++++++++++++++++++++++++++++++-------------
>  qapi/block-core.json | 17 +++++++++-
>  2 files changed, 87 insertions(+), 24 deletions(-)
> 

> +static QCryptoCipher *qcow_get_cipher_from_key(const char *key,
> +                                               Error **errp)
> +{
> +    uint8_t keybuf[16];
> +    int len, i;
> +
> +    memset(keybuf, 0, 16);
> +    len = strlen(key);
> +    if (len > 16) {
> +        len = 16;
> +    }
> +    /* XXX: we could compress the chars to 7 bits to increase
> +       entropy */
> +    for (i = 0; i < len; i++) {
> +        keybuf[i] = key[i];
> +    }
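
Review bot: the `if (len > 16)` clamp silently drops everything past the 16th byte of the secret, so two secrets that share a 16-byte prefix produce the same `keybuf`; now that the function takes an `Error **errp`, that limit deserves at least a comment here. The `memset(keybuf, 0, 16)` and the clamp also repeat the magic number, and `sizeof(keybuf)` would keep both tied to the array. Since `keybuf` holds raw key material on the stack, it is worth checking that the part of the function after this loop clears it before returning.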

Would memcpy() be more efficient?


> @@ -261,33 +331,11 @@ static int qcow_reopen_prepare(BDRVReopenState *state,
>  static int qcow_set_key(BlockDriverState *bs, const char *key)
>  {
>      BDRVQcowState *s = bs->opaque;
> -    uint8_t keybuf[16];
> -    int len, i;
> -    Error *err;
>  
> -    memset(keybuf, 0, 16);
> -    len = strlen(key);
> -    if (len > 16)
> -        len = 16;
> -    /* XXX: we could compress the chars to 7 bits to increase
> -       entropy */
> -    for(i = 0;i < len;i++) {
> -        keybuf[i] = key[i];
> -    }
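
Review bot: the lines removed from `qcow_set_key` here are the same zero-pad and copy loop that reappears in `qcow_get_cipher_from_key`, with only braces and spacing tidied, and the commit message does not mention the move. Putting the code motion in its own preparatory patch, or at least naming it in the commit message, would let the `keyid` change be reviewed on its own.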

Oh, I see - code motion.

> +++ b/qapi/block-core.json
> @@ -1562,6 +1562,21 @@
>              'mode':  'Qcow2OverlapCheckMode' } }
>  
>  ##
> +# @BlockdevOptionsQcow
> +#
> +# Driver specific block device options for qcow.
> +#
> +# @keyid:                 #optional ID of the "secret" object providing the
> +#                         AES decryption key.
> +#

That's a lot of whitespace, but it doesn't hurt.

> +# Since: 2.5
> +##
> +{ 'struct': 'BlockdevOptionsQcow',
> +  'base': 'BlockdevOptionsGenericCOWFormat',
> +  'data': { '*keyid': 'str' } }
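
Review bot: the `@keyid` documentation does not say what happens when this optional member is omitted for an encrypted image, and it calls the secret "the AES decryption key" although `qcow_get_cipher_from_key` treats it as a string and uses only its first 16 bytes, zero-padded. Stating both points in the comment block above `Since: 2.5` would tell users of the interface what the secret has to contain.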

Interface looks fine.

Reviewed-by: Eric Blake <address@hidden>

-- 
Eric Blake   eblake redhat com    +1-919-301-3266
Libvirt virtualization library http://libvirt.org

Attachment: signature.asc
Description: OpenPGP digital signature

