Re: [libvirt] [PATCH v2 2/4] libvirt: conf: parse XML for protected key management ops

+static int +virDomainKeyWrapDefParseXML(virDomainDefPtr def, xmlXPathContextPtr ctxt) +{ + size_t i; + int ret = -1; + xmlNodePtr *nodes = NULL; + int n; + + if (!(n = virXPathNodeSet("./keywrap/cipher", ctxt, &nodes)))

+ return 0; + + if (VIR_ALLOC(def->keywrap) < 0) + goto cleanup; + + for (i = 0; i < n; i++) {

+ if (virDomainKeyWrapCipherDefParseXML(def->keywrap, nodes[i], ctxt) < 0) + goto cleanup; + } + + if (!def->keywrap->aes && + !def->keywrap->dea) + VIR_FREE(def->keywrap); + + ret = 0; + + cleanup: + if (ret < 0) + VIR_FREE(def->keywrap); + VIR_FREE(nodes); + return ret; +} + /** * virDomainXMLOptionNew: @@ -2361,6 +2491,8 @@ void virDomainDefFree(virDomainDefPtr def) virDomainShmemDefFree(def->shmems[i]); VIR_FREE(def->shmems); + VIR_FREE(def->keywrap); + if (def->namespaceData && def->ns.free) (def->ns.free)(def->namespaceData); @@ -15535,6 +15667,9 @@ virDomainDefParseXML(xmlDocPtr xml, VIR_FREE(tmp); } + if (virDomainKeyWrapDefParseXML(def, ctxt) < 0) + goto error; + /* Extract custom metadata */ if ((node = virXPathNode("./metadata[1]", ctxt)) != NULL) def->metadata = xmlCopyNode(node, 1); @@ -20588,6 +20723,24 @@ virDomainLoaderDefFormat(virBufferPtr buf, } } +static void +virDomainKeyWrapDefFormat(virBufferPtr buf, virDomainKeyWrapDefPtr keywrap) +{ + virBufferAddLit(buf, "<keywrap>\n"); + virBufferAdjustIndent(buf, 2); + + if (keywrap->aes) + virBufferAsprintf(buf, "<cipher name='aes' state='%s'/>\n", + virTristateSwitchTypeToString(keywrap->aes)); + + if (keywrap->dea) + virBufferAsprintf(buf, "<cipher name='dea' state='%s'/>\n", + virTristateSwitchTypeToString(keywrap->dea)); + + virBufferAdjustIndent(buf, -2); + virBufferAddLit(buf, "</keywrap>\n"); +} + static bool virDomainDefHasCapabilitiesFeatures(virDomainDefPtr def) { @@ -21490,6 +21643,9 @@ virDomainDefFormatInternal(virDomainDefPtr def, goto error; } + if (def->keywrap) + virDomainKeyWrapDefFormat(buf, def->keywrap); + virBufferAdjustIndent(buf, -2); virBufferAddLit(buf, "</domain>\n"); diff --git a/src/conf/domain_conf.h b/src/conf/domain_conf.h index 8312c20..7b29008 100644 --- a/src/conf/domain_conf.h +++ b/src/conf/domain_conf.h @@ -2119,6 +2119,13 @@ struct _virDomainPowerManagement { int s4; }; +typedef struct _virDomainKeyWrapDef virDomainKeyWrapDef; +typedef virDomainKeyWrapDef *virDomainKeyWrapDefPtr; +struct _virDomainKeyWrapDef { + int aes; /* enum virTristateSwitch */ + int dea; /* enum virTristateSwitch */ +}; + /* * Guest VM main configuration * @@ -2255,6 +2262,8 @@ struct _virDomainDef { void *namespaceData; virDomainXMLNamespace ns; + virDomainKeyWrapDefPtr keywrap; + /* Application-specific custom metadata */ xmlNodePtr metadata; }; @@ -2264,6 +2273,13 @@ void virDomainDefSetMemoryInitial(virDomainDefPtr def, unsigned long long size); unsigned long long virDomainDefGetMemoryActual(virDomainDefPtr def); typedef enum { + VIR_DOMAIN_KEY_WRAP_CIPHER_NAME_AES, + VIR_DOMAIN_KEY_WRAP_CIPHER_NAME_DEA, + + VIR_DOMAIN_KEY_WRAP_CIPHER_NAME_LAST +} virDomainKeyWrapCipherName; + +typedef enum { VIR_DOMAIN_TAINT_CUSTOM_ARGV, /* Custom ARGV passthrough from XML */ VIR_DOMAIN_TAINT_CUSTOM_MONITOR, /* Custom monitor commands issued */ VIR_DOMAIN_TAINT_HIGH_PRIVILEGES, /* Running with undesirably high privileges */ @@ -2951,6 +2967,7 @@ VIR_ENUM_DECL(virDomainChrTcpProtocol) VIR_ENUM_DECL(virDomainChrSpicevmc) VIR_ENUM_DECL(virDomainSoundCodec) VIR_ENUM_DECL(virDomainSoundModel) +VIR_ENUM_DECL(virDomainKeyWrapCipherName) VIR_ENUM_DECL(virDomainMemballoonModel) VIR_ENUM_DECL(virDomainSmbiosMode) VIR_ENUM_DECL(virDomainWatchdogModel) diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms index f80fc70..afd0cb6 100644 --- a/src/libvirt_private.syms +++ b/src/libvirt_private.syms @@ -329,6 +329,8 @@ virDomainIOThreadIDDefFree; virDomainIOThreadIDDel; virDomainIOThreadIDFind; virDomainIOThreadSchedDelId; +virDomainKeyWrapCipherNameTypeFromString; +virDomainKeyWrapCipherNameTypeToString; virDomainLeaseDefFree; virDomainLeaseIndex; virDomainLeaseInsert;