
On Mon, May 02, 2016 at 05:51:14PM -0400, John Ferlan wrote:
> New APIs:
>
> qemuDomainGetIVKeyAlias: Generate/return the secret object alias for an initialization vector (IV) secret info type. This will be saved in the secret info block. This will be called from qemuDomainSecretIVSetup.
>
> qemuDomainSecretHaveEncrypt: Boolean function to determine whether the underlying encryption API is available. This function will utilize a similar mechanism as the 'gnutls_rnd' did in configure.ac. For this patch it just returns false. This API is separate from the following one so that it's possible for the caller to determine whether or not it's possible to create an IV secret before trying and, if not available, fall back to the plain secret mechanism.
>
> qemuDomainSecretIVSetup: (private) This API handles the details of the generation of the IV secret and saves the pieces that need to be passed to qemu in order for the secret to be decrypted. The encrypted secret is based upon the domain master key, an initialization vector (16-byte random value), and the stored secret. Finally, the requirement from qemu is that the IV and encrypted secret are base64 encoded. They can be passed either directly or within a file. This implementation chooses to pass directly rather than via a file.
>
> qemuDomainSecretSetup: (private) Shim to call either the IV or Plain Setup functions based upon whether IV secrets are possible (we have the encryption API) or not. For this patch, the call will still be to set up the Plain since qemuDomainSecretHaveEncrypt hasn't been enabled yet.
>
> Use qemuDomainSecretSetup in qemuDomainSecretDiskPrepare and qemuDomainSecretHostdevPrepare to add the secret rather than assuming plain.
>
> Signed-off-by: John Ferlan <jferlan@redhat.com>
> ---
>  src/qemu/qemu_alias.c  |  23 +++++++
>  src/qemu/qemu_alias.h  |   2 +
>  src/qemu/qemu_domain.c | 183 +++++++++++++++++++++++++++++++++++++++++++++++--
>  3 files changed, 201 insertions(+), 7 deletions(-)
ACK

Regards,
Daniel
-- 
|: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org -o- http://virt-manager.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|
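As an added illustration of the mechanism the commit message describes (it is not code from the patch or from libvirt, which does this in C through gnutls): the Go program below generates a 16-byte random IV, encrypts a secret under a 32-byte domain master key with AES-256-CBC and PKCS#7 padding, base64-encodes both IV and ciphertext, and assembles the `-object secret,...` argument that passes them to qemu directly rather than through a file. The cipher and the `keyid=`, `iv=`, `format=base64` and `data=` property names are qemu's documented secret-object interface and are not stated on this page; the object ids `virtio-disk0-secret0` and `masterKey0`, the function names and the sample passphrase are constructed for the example. `DecryptSecret` mirrors what qemu does at startup, so the round trip can be checked offline.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/base64"
	"errors"
	"fmt"
)

// pkcs7Pad appends PKCS#7 padding so the plaintext is a whole number of
// AES blocks; qemu strips the same padding after decrypting.
func pkcs7Pad(data []byte, blockSize int) []byte {
	n := blockSize - len(data)%blockSize
	return append(append([]byte{}, data...), bytes.Repeat([]byte{byte(n)}, n)...)
}

// pkcs7Unpad validates and removes PKCS#7 padding.
func pkcs7Unpad(data []byte, blockSize int) ([]byte, error) {
	if len(data) == 0 || len(data)%blockSize != 0 {
		return nil, errors.New("ciphertext is not a whole number of blocks")
	}
	n := int(data[len(data)-1])
	if n == 0 || n > blockSize || n > len(data) {
		return nil, errors.New("bad padding length")
	}
	for _, b := range data[len(data)-n:] {
		if int(b) != n {
			return nil, errors.New("bad padding bytes")
		}
	}
	return data[:len(data)-n], nil
}

// NewIV returns a fresh 16-byte random IV; one is generated per secret object.
func NewIV() ([]byte, error) {
	iv := make([]byte, aes.BlockSize)
	_, err := rand.Read(iv)
	return iv, err
}

// EncryptSecret encrypts secret with AES-256-CBC under the 32-byte domain
// master key and the given IV; this is the payload qemu decrypts when the
// secret object carries keyid= and iv=.
func EncryptSecret(masterKey, iv, secret []byte) ([]byte, error) {
	if len(masterKey) != 32 {
		return nil, errors.New("master key must be 32 bytes for AES-256")
	}
	if len(iv) != aes.BlockSize {
		return nil, errors.New("iv must be 16 bytes")
	}
	block, err := aes.NewCipher(masterKey)
	if err != nil {
		return nil, err
	}
	padded := pkcs7Pad(secret, aes.BlockSize)
	out := make([]byte, len(padded))
	cipher.NewCBCEncrypter(block, iv).CryptBlocks(out, padded)
	return out, nil
}

// DecryptSecret is the qemu-side operation: AES-256-CBC decrypt, then unpad.
func DecryptSecret(masterKey, iv, ciphertext []byte) ([]byte, error) {
	if len(masterKey) != 32 || len(iv) != aes.BlockSize {
		return nil, errors.New("bad key or iv length")
	}
	if len(ciphertext) == 0 || len(ciphertext)%aes.BlockSize != 0 {
		return nil, errors.New("ciphertext is not a whole number of blocks")
	}
	block, err := aes.NewCipher(masterKey)
	if err != nil {
		return nil, err
	}
	out := make([]byte, len(ciphertext))
	cipher.NewCBCDecrypter(block, iv).CryptBlocks(out, ciphertext)
	return pkcs7Unpad(out, aes.BlockSize)
}

// QemuSecretObject builds the -object argument that passes the IV and the
// encrypted secret inline, both base64-encoded, referencing the master key
// object by its id (keyid=).
func QemuSecretObject(id, keyID string, iv, ciphertext []byte) string {
	return fmt.Sprintf("secret,id=%s,keyid=%s,iv=%s,format=base64,data=%s",
		id, keyID,
		base64.StdEncoding.EncodeToString(iv),
		base64.StdEncoding.EncodeToString(ciphertext))
}

func main() {
	masterKey := make([]byte, 32) // constructed: libvirt generates one per domain
	if _, err := rand.Read(masterKey); err != nil {
		panic(err)
	}
	iv, err := NewIV()
	if err != nil {
		panic(err)
	}
	ct, err := EncryptSecret(masterKey, iv, []byte("s3cret-passphrase")) // constructed sample
	if err != nil {
		panic(err)
	}
	fmt.Println("-object", QemuSecretObject("virtio-disk0-secret0", "masterKey0", iv, ct))
	pt, err := DecryptSecret(masterKey, iv, ct)
	if err != nil {
		panic(err)
	}
	fmt.Printf("qemu-side decrypt: %q\n", pt)
}
```

The master key referenced by `keyid=` is itself handed to qemu as a separate raw secret object read from a file in the domain's private directory, so the command line (visible in `ps`) exposes only the IV and ciphertext. Note that CBC with the wrong IV garbles only the first plaintext block and leaves the padding valid, so a padding check alone does not detect a mismatched IV; the IV must travel with exactly the ciphertext it was generated for, which is what the per-secret `iv=` property does.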