From: "Daniel P. Berrange" <berrange@redhat.com>
To: Eric Blake <eblake@redhat.com>
Cc: qemu-devel@nongnu.org, Markus Armbruster <armbru@redhat.com>
Subject: Re: [Qemu-devel] [PATCH v2 4/5] crypto: add QCryptoSecret object class for password/key handling
Date: Tue, 24 Nov 2015 18:52:15 +0000 [thread overview]
Message-ID: <20151124185215.GA5793@redhat.com> (raw)
In-Reply-To: <5654ACA3.6030907@redhat.com>
On Tue, Nov 24, 2015 at 11:29:55AM -0700, Eric Blake wrote:
> > +static void
> > +qcrypto_secret_load_data(QCryptoSecret *secret,
> > + uint8_t **output,
> > + size_t *outputlen,
> > + Error **errp)
> > +{
> > + int fd;
> > + char *data = NULL;
> > + size_t offset = 0;
> > + size_t length = 0;
> > +
> > + *output = NULL;
> > + *outputlen = 0;
> > +
> > + if (secret->file) {
> > + if (secret->data) {
> > + error_setg(errp,
> > + "'file' and 'data' are mutually exclusive");
>
> Is it worth trying to use a qapi flat union to make the mutual exclusion
> inherent in the type definition, rather than something we have to
> enforce manually? (I've got more experience with qapi than with Object,
> so my question may be nonsensical)
Not ensure sure how you'd wire up a qapi type to a QOM property. It
is probably possible in some manner, but I not sure its particularly
compelling to do it for this.
>
> > + return;
> > + }
> > + fd = qemu_open(secret->file, O_RDONLY);
> > + if (fd < 0) {
> > + error_setg_errno(errp, errno,
> > + "Unable to open %s", secret->file);
>
> Using error_setg_file_open() makes for a consistent message on open()
> failure.
Yep
>
> > + return;
> > + }
> > + while (length < (1024 * 1024)) { /* Limit secrets to 1 MB */
> > + if ((length - offset) < 1024) {
> > + length += 1024;
> > + data = g_renew(char, data, length);
> > + }
> > + ssize_t ret = read(fd, data + offset, length - offset);
> > + if (ret == 0) {
> > + break;
> > + }
> > + if (ret < 0) {
> > + error_setg_errno(errp, errno,
> > + "Unable to read from %s", secret->file);
>
> Does glib have a convenience function for reading contents of a file?
Of course, I completely forgot about g_file_get_contents() which
works just fine.
> > +static void qcrypto_secret_decrypt(QCryptoSecret *secret,
> > + const uint8_t *input,
> > + size_t inputlen,
> > + uint8_t **output,
> > + size_t *outputlen,
> > + Error **errp)
> > +{
> > + uint8_t *key = NULL, *ciphertext = NULL, *iv = NULL;
> > + size_t keylen, ciphertextlen, ivlen;
> > + QCryptoCipher *aes = NULL;
> > + uint8_t *plaintext = NULL;
> > +
> > + *output = NULL;
> > + *outputlen = 0;
> > +
> > + if (qcrypto_secret_lookup(secret->keyid,
> > + &key, &keylen,
> > + errp) < 0) {
> > + goto cleanup;
> > + }
> > +
> > + if (keylen != 32) {
> > + error_setg(errp, "Key should be 32 bytes in length");
> > + goto cleanup;
> > + }
> > +
> > + if (!secret->iv) {
> > + error_setg(errp, "IV is required to decrypt secret");
> > + goto cleanup;
> > + }
> > +
> > + iv = (uint8_t *)g_base64_decode(secret->iv, &ivlen);
>
> Shouldn't this be using qbase64_decode()?
Yeah, it really should
Regards,
Daniel
--
|: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org -o- http://virt-manager.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|
next prev parent reply other threads:[~2015-11-24 18:52 UTC|newest]
Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-11-24 15:02 [Qemu-devel] [PATCH v2 0/5] Add framework for passing secrets to QEMU Daniel P. Berrange
2015-11-24 15:02 ` [Qemu-devel] [PATCH v2 1/5] util: add base64 decoding function Daniel P. Berrange
2015-11-24 15:54 ` Eric Blake
2015-11-24 16:02 ` Daniel P. Berrange
2015-11-24 15:02 ` [Qemu-devel] [PATCH v2 2/5] qemu-char: convert to use error checked base64 decode Daniel P. Berrange
2015-11-24 15:56 ` Eric Blake
2015-11-24 15:02 ` [Qemu-devel] [PATCH v2 3/5] qga: " Daniel P. Berrange
2015-11-24 16:39 ` Eric Blake
2015-11-24 15:02 ` [Qemu-devel] [PATCH v2 4/5] crypto: add QCryptoSecret object class for password/key handling Daniel P. Berrange
2015-11-24 18:29 ` Eric Blake
2015-11-24 18:52 ` Daniel P. Berrange [this message]
2015-11-24 15:02 ` [Qemu-devel] [PATCH v2 5/5] crypto: add support for loading encrypted x509 keys Daniel P. Berrange
2015-11-24 18:33 ` Eric Blake
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20151124185215.GA5793@redhat.com \
--to=berrange@redhat.com \
--cc=armbru@redhat.com \
--cc=eblake@redhat.com \
--cc=qemu-devel@nongnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.