From: "Daniel P. Berrangé" <berrange@redhat.com>
To: qemu-devel@nongnu.org
Cc: "Alexey Krasikov" <alex-krasikov@yandex-team.ru>,
"Daniel P. Berrangé" <berrange@redhat.com>
Subject: [PULL 2/5] crypto/secret: move main logic from 'secret' to 'secret_common'.
Date: Fri, 29 May 2020 11:35:52 +0100 [thread overview]
Message-ID: <20200529103555.2759928-3-berrange@redhat.com> (raw)
In-Reply-To: <20200529103555.2759928-1-berrange@redhat.com>
From: Alexey Krasikov <alex-krasikov@yandex-team.ru>
Create base class 'common secret'. Move common data and logic from
'secret' to 'common_secret' class. This allowed adding abstraction layer
for easier adding new 'secret' objects in future.
Convert 'secret' class to child from basic 'secret_common' with 'data'
and 'file' properties.
Signed-off-by: Alexey Krasikov <alex-krasikov@yandex-team.ru>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
---
crypto/Makefile.objs | 1 +
crypto/secret.c | 347 +---------------------------
crypto/secret_common.c | 403 +++++++++++++++++++++++++++++++++
include/crypto/secret.h | 20 +-
include/crypto/secret_common.h | 68 ++++++
5 files changed, 482 insertions(+), 357 deletions(-)
create mode 100644 crypto/secret_common.c
create mode 100644 include/crypto/secret_common.h
diff --git a/crypto/Makefile.objs b/crypto/Makefile.objs
index cdee92b4e5..110dec1b87 100644
--- a/crypto/Makefile.objs
+++ b/crypto/Makefile.objs
@@ -18,6 +18,7 @@ crypto-obj-y += tlscredsanon.o
crypto-obj-y += tlscredspsk.o
crypto-obj-y += tlscredsx509.o
crypto-obj-y += tlssession.o
+crypto-obj-y += secret_common.o
crypto-obj-y += secret.o
crypto-obj-y += pbkdf.o
crypto-obj-$(CONFIG_NETTLE) += pbkdf-nettle.o
diff --git a/crypto/secret.c b/crypto/secret.c
index 3107aecb47..3447e2f64b 100644
--- a/crypto/secret.c
+++ b/crypto/secret.c
@@ -20,16 +20,14 @@
#include "qemu/osdep.h"
#include "crypto/secret.h"
-#include "crypto/cipher.h"
#include "qapi/error.h"
#include "qom/object_interfaces.h"
-#include "qemu/base64.h"
#include "qemu/module.h"
#include "trace.h"
static void
-qcrypto_secret_load_data(QCryptoSecret *secret,
+qcrypto_secret_load_data(QCryptoSecretCommon *sec_common,
uint8_t **output,
size_t *outputlen,
Error **errp)
@@ -38,6 +36,8 @@ qcrypto_secret_load_data(QCryptoSecret *secret,
size_t length = 0;
GError *gerr = NULL;
+ QCryptoSecret *secret = QCRYPTO_SECRET(sec_common);
+
*output = NULL;
*outputlen = 0;
@@ -65,198 +65,6 @@ qcrypto_secret_load_data(QCryptoSecret *secret,
}
-static void qcrypto_secret_decrypt(QCryptoSecret *secret,
- const uint8_t *input,
- size_t inputlen,
- uint8_t **output,
- size_t *outputlen,
- Error **errp)
-{
- g_autofree uint8_t *key = NULL;
- g_autofree uint8_t *ciphertext = NULL;
- g_autofree uint8_t *iv = NULL;
- size_t keylen, ciphertextlen, ivlen;
- g_autoptr(QCryptoCipher) aes = NULL;
- g_autofree uint8_t *plaintext = NULL;
-
- *output = NULL;
- *outputlen = 0;
-
- if (qcrypto_secret_lookup(secret->keyid,
- &key, &keylen,
- errp) < 0) {
- return;
- }
-
- if (keylen != 32) {
- error_setg(errp, "Key should be 32 bytes in length");
- return;
- }
-
- if (!secret->iv) {
- error_setg(errp, "IV is required to decrypt secret");
- return;
- }
-
- iv = qbase64_decode(secret->iv, -1, &ivlen, errp);
- if (!iv) {
- return;
- }
- if (ivlen != 16) {
- error_setg(errp, "IV should be 16 bytes in length not %zu",
- ivlen);
- return;
- }
-
- aes = qcrypto_cipher_new(QCRYPTO_CIPHER_ALG_AES_256,
- QCRYPTO_CIPHER_MODE_CBC,
- key, keylen,
- errp);
- if (!aes) {
- return;
- }
-
- if (qcrypto_cipher_setiv(aes, iv, ivlen, errp) < 0) {
- return;
- }
-
- if (secret->format == QCRYPTO_SECRET_FORMAT_BASE64) {
- ciphertext = qbase64_decode((const gchar*)input,
- inputlen,
- &ciphertextlen,
- errp);
- if (!ciphertext) {
- return;
- }
- plaintext = g_new0(uint8_t, ciphertextlen + 1);
- } else {
- ciphertextlen = inputlen;
- plaintext = g_new0(uint8_t, inputlen + 1);
- }
- if (qcrypto_cipher_decrypt(aes,
- ciphertext ? ciphertext : input,
- plaintext,
- ciphertextlen,
- errp) < 0) {
- return;
- }
-
- if (plaintext[ciphertextlen - 1] > 16 ||
- plaintext[ciphertextlen - 1] > ciphertextlen) {
- error_setg(errp, "Incorrect number of padding bytes (%d) "
- "found on decrypted data",
- (int)plaintext[ciphertextlen - 1]);
- return;
- }
-
- /* Even though plaintext may contain arbitrary NUL
- * ensure it is explicitly NUL terminated.
- */
- ciphertextlen -= plaintext[ciphertextlen - 1];
- plaintext[ciphertextlen] = '\0';
-
- *output = g_steal_pointer(&plaintext);
- *outputlen = ciphertextlen;
-}
-
-
-static void qcrypto_secret_decode(const uint8_t *input,
- size_t inputlen,
- uint8_t **output,
- size_t *outputlen,
- Error **errp)
-{
- *output = qbase64_decode((const gchar*)input,
- inputlen,
- outputlen,
- errp);
-}
-
-
-static void
-qcrypto_secret_prop_set_loaded(Object *obj,
- bool value,
- Error **errp)
-{
- QCryptoSecret *secret = QCRYPTO_SECRET(obj);
-
- if (value) {
- Error *local_err = NULL;
- uint8_t *input = NULL;
- size_t inputlen = 0;
- uint8_t *output = NULL;
- size_t outputlen = 0;
-
- qcrypto_secret_load_data(secret, &input, &inputlen, &local_err);
- if (local_err) {
- error_propagate(errp, local_err);
- return;
- }
-
- if (secret->keyid) {
- qcrypto_secret_decrypt(secret, input, inputlen,
- &output, &outputlen, &local_err);
- g_free(input);
- if (local_err) {
- error_propagate(errp, local_err);
- return;
- }
- input = output;
- inputlen = outputlen;
- } else {
- if (secret->format == QCRYPTO_SECRET_FORMAT_BASE64) {
- qcrypto_secret_decode(input, inputlen,
- &output, &outputlen, &local_err);
- g_free(input);
- if (local_err) {
- error_propagate(errp, local_err);
- return;
- }
- input = output;
- inputlen = outputlen;
- }
- }
-
- secret->rawdata = input;
- secret->rawlen = inputlen;
- } else {
- g_free(secret->rawdata);
- secret->rawdata = NULL;
- secret->rawlen = 0;
- }
-}
-
-
-static bool
-qcrypto_secret_prop_get_loaded(Object *obj,
- Error **errp G_GNUC_UNUSED)
-{
- QCryptoSecret *secret = QCRYPTO_SECRET(obj);
- return secret->rawdata != NULL;
-}
-
-
-static void
-qcrypto_secret_prop_set_format(Object *obj,
- int value,
- Error **errp G_GNUC_UNUSED)
-{
- QCryptoSecret *creds = QCRYPTO_SECRET(obj);
-
- creds->format = value;
-}
-
-
-static int
-qcrypto_secret_prop_get_format(Object *obj,
- Error **errp G_GNUC_UNUSED)
-{
- QCryptoSecret *creds = QCRYPTO_SECRET(obj);
-
- return creds->format;
-}
-
-
static void
qcrypto_secret_prop_set_data(Object *obj,
const char *value,
@@ -299,48 +107,6 @@ qcrypto_secret_prop_get_file(Object *obj,
}
-static void
-qcrypto_secret_prop_set_iv(Object *obj,
- const char *value,
- Error **errp)
-{
- QCryptoSecret *secret = QCRYPTO_SECRET(obj);
-
- g_free(secret->iv);
- secret->iv = g_strdup(value);
-}
-
-
-static char *
-qcrypto_secret_prop_get_iv(Object *obj,
- Error **errp)
-{
- QCryptoSecret *secret = QCRYPTO_SECRET(obj);
- return g_strdup(secret->iv);
-}
-
-
-static void
-qcrypto_secret_prop_set_keyid(Object *obj,
- const char *value,
- Error **errp)
-{
- QCryptoSecret *secret = QCRYPTO_SECRET(obj);
-
- g_free(secret->keyid);
- secret->keyid = g_strdup(value);
-}
-
-
-static char *
-qcrypto_secret_prop_get_keyid(Object *obj,
- Error **errp)
-{
- QCryptoSecret *secret = QCRYPTO_SECRET(obj);
- return g_strdup(secret->keyid);
-}
-
-
static void
qcrypto_secret_complete(UserCreatable *uc, Error **errp)
{
@@ -353,129 +119,30 @@ qcrypto_secret_finalize(Object *obj)
{
QCryptoSecret *secret = QCRYPTO_SECRET(obj);
- g_free(secret->iv);
g_free(secret->file);
- g_free(secret->keyid);
- g_free(secret->rawdata);
g_free(secret->data);
}
static void
qcrypto_secret_class_init(ObjectClass *oc, void *data)
{
- UserCreatableClass *ucc = USER_CREATABLE_CLASS(oc);
+ QCryptoSecretCommonClass *sic = QCRYPTO_SECRET_COMMON_CLASS(oc);
+ sic->load_data = qcrypto_secret_load_data;
+ UserCreatableClass *ucc = USER_CREATABLE_CLASS(oc);
ucc->complete = qcrypto_secret_complete;
- object_class_property_add_bool(oc, "loaded",
- qcrypto_secret_prop_get_loaded,
- qcrypto_secret_prop_set_loaded);
- object_class_property_add_enum(oc, "format",
- "QCryptoSecretFormat",
- &QCryptoSecretFormat_lookup,
- qcrypto_secret_prop_get_format,
- qcrypto_secret_prop_set_format);
object_class_property_add_str(oc, "data",
qcrypto_secret_prop_get_data,
qcrypto_secret_prop_set_data);
object_class_property_add_str(oc, "file",
qcrypto_secret_prop_get_file,
qcrypto_secret_prop_set_file);
- object_class_property_add_str(oc, "keyid",
- qcrypto_secret_prop_get_keyid,
- qcrypto_secret_prop_set_keyid);
- object_class_property_add_str(oc, "iv",
- qcrypto_secret_prop_get_iv,
- qcrypto_secret_prop_set_iv);
-}
-
-
-int qcrypto_secret_lookup(const char *secretid,
- uint8_t **data,
- size_t *datalen,
- Error **errp)
-{
- Object *obj;
- QCryptoSecret *secret;
-
- obj = object_resolve_path_component(
- object_get_objects_root(), secretid);
- if (!obj) {
- error_setg(errp, "No secret with id '%s'", secretid);
- return -1;
- }
-
- secret = (QCryptoSecret *)
- object_dynamic_cast(obj,
- TYPE_QCRYPTO_SECRET);
- if (!secret) {
- error_setg(errp, "Object with id '%s' is not a secret",
- secretid);
- return -1;
- }
-
- if (!secret->rawdata) {
- error_setg(errp, "Secret with id '%s' has no data",
- secretid);
- return -1;
- }
-
- *data = g_new0(uint8_t, secret->rawlen + 1);
- memcpy(*data, secret->rawdata, secret->rawlen);
- (*data)[secret->rawlen] = '\0';
- *datalen = secret->rawlen;
-
- return 0;
-}
-
-
-char *qcrypto_secret_lookup_as_utf8(const char *secretid,
- Error **errp)
-{
- uint8_t *data;
- size_t datalen;
-
- if (qcrypto_secret_lookup(secretid,
- &data,
- &datalen,
- errp) < 0) {
- return NULL;
- }
-
- if (!g_utf8_validate((const gchar*)data, datalen, NULL)) {
- error_setg(errp,
- "Data from secret %s is not valid UTF-8",
- secretid);
- g_free(data);
- return NULL;
- }
-
- return (char *)data;
-}
-
-
-char *qcrypto_secret_lookup_as_base64(const char *secretid,
- Error **errp)
-{
- uint8_t *data;
- size_t datalen;
- char *ret;
-
- if (qcrypto_secret_lookup(secretid,
- &data,
- &datalen,
- errp) < 0) {
- return NULL;
- }
-
- ret = g_base64_encode(data, datalen);
- g_free(data);
- return ret;
}
static const TypeInfo qcrypto_secret_info = {
- .parent = TYPE_OBJECT,
+ .parent = TYPE_QCRYPTO_SECRET_COMMON,
.name = TYPE_QCRYPTO_SECRET,
.instance_size = sizeof(QCryptoSecret),
.instance_finalize = qcrypto_secret_finalize,
diff --git a/crypto/secret_common.c b/crypto/secret_common.c
new file mode 100644
index 0000000000..b03d530867
--- /dev/null
+++ b/crypto/secret_common.c
@@ -0,0 +1,403 @@
+/*
+ * QEMU crypto secret support
+ *
+ * Copyright (c) 2015 Red Hat, Inc.
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+
+#include "qemu/osdep.h"
+#include "crypto/secret_common.h"
+#include "crypto/cipher.h"
+#include "qapi/error.h"
+#include "qom/object_interfaces.h"
+#include "qemu/base64.h"
+#include "qemu/module.h"
+#include "trace.h"
+
+
+static void qcrypto_secret_decrypt(QCryptoSecretCommon *secret,
+ const uint8_t *input,
+ size_t inputlen,
+ uint8_t **output,
+ size_t *outputlen,
+ Error **errp)
+{
+ g_autofree uint8_t *iv = NULL;
+ g_autofree uint8_t *key = NULL;
+ g_autofree uint8_t *ciphertext = NULL;
+ size_t keylen, ciphertextlen, ivlen;
+ g_autoptr(QCryptoCipher) aes = NULL;
+ g_autofree uint8_t *plaintext = NULL;
+
+ *output = NULL;
+ *outputlen = 0;
+
+ if (qcrypto_secret_lookup(secret->keyid,
+ &key, &keylen,
+ errp) < 0) {
+ return;
+ }
+
+ if (keylen != 32) {
+ error_setg(errp, "Key should be 32 bytes in length");
+ return;
+ }
+
+ if (!secret->iv) {
+ error_setg(errp, "IV is required to decrypt secret");
+ return;
+ }
+
+ iv = qbase64_decode(secret->iv, -1, &ivlen, errp);
+ if (!iv) {
+ return;
+ }
+ if (ivlen != 16) {
+ error_setg(errp, "IV should be 16 bytes in length not %zu",
+ ivlen);
+ return;
+ }
+
+ aes = qcrypto_cipher_new(QCRYPTO_CIPHER_ALG_AES_256,
+ QCRYPTO_CIPHER_MODE_CBC,
+ key, keylen,
+ errp);
+ if (!aes) {
+ return;
+ }
+
+ if (qcrypto_cipher_setiv(aes, iv, ivlen, errp) < 0) {
+ return;
+ }
+
+ if (secret->format == QCRYPTO_SECRET_FORMAT_BASE64) {
+ ciphertext = qbase64_decode((const gchar *)input,
+ inputlen,
+ &ciphertextlen,
+ errp);
+ if (!ciphertext) {
+ return;
+ }
+ plaintext = g_new0(uint8_t, ciphertextlen + 1);
+ } else {
+ ciphertextlen = inputlen;
+ plaintext = g_new0(uint8_t, inputlen + 1);
+ }
+ if (qcrypto_cipher_decrypt(aes,
+ ciphertext ? ciphertext : input,
+ plaintext,
+ ciphertextlen,
+ errp) < 0) {
+ return;
+ }
+
+ if (plaintext[ciphertextlen - 1] > 16 ||
+ plaintext[ciphertextlen - 1] > ciphertextlen) {
+ error_setg(errp, "Incorrect number of padding bytes (%d) "
+ "found on decrypted data",
+ (int)plaintext[ciphertextlen - 1]);
+ return;
+ }
+
+ /*
+ * Even though plaintext may contain arbitrary NUL
+ * ensure it is explicitly NUL terminated.
+ */
+ ciphertextlen -= plaintext[ciphertextlen - 1];
+ plaintext[ciphertextlen] = '\0';
+
+ *output = g_steal_pointer(&plaintext);
+ *outputlen = ciphertextlen;
+}
+
+
+static void qcrypto_secret_decode(const uint8_t *input,
+ size_t inputlen,
+ uint8_t **output,
+ size_t *outputlen,
+ Error **errp)
+{
+ *output = qbase64_decode((const gchar *)input,
+ inputlen,
+ outputlen,
+ errp);
+}
+
+
+static void
+qcrypto_secret_prop_set_loaded(Object *obj,
+ bool value,
+ Error **errp)
+{
+ QCryptoSecretCommon *secret = QCRYPTO_SECRET_COMMON(obj);
+ QCryptoSecretCommonClass *sec_class
+ = QCRYPTO_SECRET_COMMON_GET_CLASS(obj);
+
+ if (value) {
+ Error *local_err = NULL;
+ uint8_t *input = NULL;
+ size_t inputlen = 0;
+ uint8_t *output = NULL;
+ size_t outputlen = 0;
+
+ if (sec_class->load_data) {
+ sec_class->load_data(secret, &input, &inputlen, &local_err);
+ if (local_err) {
+ error_propagate(errp, local_err);
+ return;
+ }
+ } else {
+ error_setg(errp, "%s provides no 'load_data' method'",
+ object_get_typename(obj));
+ return;
+ }
+
+ if (secret->keyid) {
+ qcrypto_secret_decrypt(secret, input, inputlen,
+ &output, &outputlen, &local_err);
+ g_free(input);
+ if (local_err) {
+ error_propagate(errp, local_err);
+ return;
+ }
+ input = output;
+ inputlen = outputlen;
+ } else {
+ if (secret->format == QCRYPTO_SECRET_FORMAT_BASE64) {
+ qcrypto_secret_decode(input, inputlen,
+ &output, &outputlen, &local_err);
+ g_free(input);
+ if (local_err) {
+ error_propagate(errp, local_err);
+ return;
+ }
+ input = output;
+ inputlen = outputlen;
+ }
+ }
+
+ secret->rawdata = input;
+ secret->rawlen = inputlen;
+ } else {
+ g_free(secret->rawdata);
+ secret->rawlen = 0;
+ }
+}
+
+
+static bool
+qcrypto_secret_prop_get_loaded(Object *obj,
+ Error **errp G_GNUC_UNUSED)
+{
+ QCryptoSecretCommon *secret = QCRYPTO_SECRET_COMMON(obj);
+ return secret->rawdata != NULL;
+}
+
+
+static void
+qcrypto_secret_prop_set_format(Object *obj,
+ int value,
+ Error **errp G_GNUC_UNUSED)
+{
+ QCryptoSecretCommon *creds = QCRYPTO_SECRET_COMMON(obj);
+ creds->format = value;
+}
+
+
+static int
+qcrypto_secret_prop_get_format(Object *obj,
+ Error **errp G_GNUC_UNUSED)
+{
+ QCryptoSecretCommon *creds = QCRYPTO_SECRET_COMMON(obj);
+ return creds->format;
+}
+
+
+static void
+qcrypto_secret_prop_set_iv(Object *obj,
+ const char *value,
+ Error **errp)
+{
+ QCryptoSecretCommon *secret = QCRYPTO_SECRET_COMMON(obj);
+
+ g_free(secret->iv);
+ secret->iv = g_strdup(value);
+}
+
+
+static char *
+qcrypto_secret_prop_get_iv(Object *obj,
+ Error **errp)
+{
+ QCryptoSecretCommon *secret = QCRYPTO_SECRET_COMMON(obj);
+ return g_strdup(secret->iv);
+}
+
+
+static void
+qcrypto_secret_prop_set_keyid(Object *obj,
+ const char *value,
+ Error **errp)
+{
+ QCryptoSecretCommon *secret = QCRYPTO_SECRET_COMMON(obj);
+
+ g_free(secret->keyid);
+ secret->keyid = g_strdup(value);
+}
+
+
+static char *
+qcrypto_secret_prop_get_keyid(Object *obj,
+ Error **errp)
+{
+ QCryptoSecretCommon *secret = QCRYPTO_SECRET_COMMON(obj);
+ return g_strdup(secret->keyid);
+}
+
+
+static void
+qcrypto_secret_finalize(Object *obj)
+{
+ QCryptoSecretCommon *secret = QCRYPTO_SECRET_COMMON(obj);
+
+ g_free(secret->iv);
+ g_free(secret->keyid);
+ g_free(secret->rawdata);
+}
+
+static void
+qcrypto_secret_class_init(ObjectClass *oc, void *data)
+{
+ object_class_property_add_bool(oc, "loaded",
+ qcrypto_secret_prop_get_loaded,
+ qcrypto_secret_prop_set_loaded);
+ object_class_property_add_enum(oc, "format",
+ "QCryptoSecretFormat",
+ &QCryptoSecretFormat_lookup,
+ qcrypto_secret_prop_get_format,
+ qcrypto_secret_prop_set_format);
+ object_class_property_add_str(oc, "keyid",
+ qcrypto_secret_prop_get_keyid,
+ qcrypto_secret_prop_set_keyid);
+ object_class_property_add_str(oc, "iv",
+ qcrypto_secret_prop_get_iv,
+ qcrypto_secret_prop_set_iv);
+}
+
+
+int qcrypto_secret_lookup(const char *secretid,
+ uint8_t **data,
+ size_t *datalen,
+ Error **errp)
+{
+ Object *obj;
+ QCryptoSecretCommon *secret;
+
+ obj = object_resolve_path_component(
+ object_get_objects_root(), secretid);
+ if (!obj) {
+ error_setg(errp, "No secret with id '%s'", secretid);
+ return -1;
+ }
+
+ secret = (QCryptoSecretCommon *)
+ object_dynamic_cast(obj,
+ TYPE_QCRYPTO_SECRET_COMMON);
+ if (!secret) {
+ error_setg(errp, "Object with id '%s' is not a secret",
+ secretid);
+ return -1;
+ }
+
+ if (!secret->rawdata) {
+ error_setg(errp, "Secret with id '%s' has no data",
+ secretid);
+ return -1;
+ }
+
+ *data = g_new0(uint8_t, secret->rawlen + 1);
+ memcpy(*data, secret->rawdata, secret->rawlen);
+ (*data)[secret->rawlen] = '\0';
+ *datalen = secret->rawlen;
+
+ return 0;
+}
+
+
+char *qcrypto_secret_lookup_as_utf8(const char *secretid,
+ Error **errp)
+{
+ uint8_t *data;
+ size_t datalen;
+
+ if (qcrypto_secret_lookup(secretid,
+ &data,
+ &datalen,
+ errp) < 0) {
+ return NULL;
+ }
+
+ if (!g_utf8_validate((const gchar *)data, datalen, NULL)) {
+ error_setg(errp,
+ "Data from secret %s is not valid UTF-8",
+ secretid);
+ g_free(data);
+ return NULL;
+ }
+
+ return (char *)data;
+}
+
+
+char *qcrypto_secret_lookup_as_base64(const char *secretid,
+ Error **errp)
+{
+ uint8_t *data;
+ size_t datalen;
+ char *ret;
+
+ if (qcrypto_secret_lookup(secretid,
+ &data,
+ &datalen,
+ errp) < 0) {
+ return NULL;
+ }
+
+ ret = g_base64_encode(data, datalen);
+ g_free(data);
+ return ret;
+}
+
+
+static const TypeInfo qcrypto_secret_info = {
+ .parent = TYPE_OBJECT,
+ .name = TYPE_QCRYPTO_SECRET_COMMON,
+ .instance_size = sizeof(QCryptoSecretCommon),
+ .instance_finalize = qcrypto_secret_finalize,
+ .class_size = sizeof(QCryptoSecretCommonClass),
+ .class_init = qcrypto_secret_class_init,
+ .abstract = true,
+};
+
+
+static void
+qcrypto_secret_register_types(void)
+{
+ type_register_static(&qcrypto_secret_info);
+}
+
+
+type_init(qcrypto_secret_register_types);
diff --git a/include/crypto/secret.h b/include/crypto/secret.h
index 5e07e29bae..2deb461d2f 100644
--- a/include/crypto/secret.h
+++ b/include/crypto/secret.h
@@ -23,6 +23,7 @@
#include "qapi/qapi-types-crypto.h"
#include "qom/object.h"
+#include "crypto/secret_common.h"
#define TYPE_QCRYPTO_SECRET "secret"
#define QCRYPTO_SECRET(obj) \
@@ -119,29 +120,14 @@ typedef struct QCryptoSecretClass QCryptoSecretClass;
*/
struct QCryptoSecret {
- Object parent_obj;
- uint8_t *rawdata;
- size_t rawlen;
- QCryptoSecretFormat format;
+ QCryptoSecretCommon parent_obj;
char *data;
char *file;
- char *keyid;
- char *iv;
};
struct QCryptoSecretClass {
- ObjectClass parent_class;
+ QCryptoSecretCommonClass parent_class;
};
-
-extern int qcrypto_secret_lookup(const char *secretid,
- uint8_t **data,
- size_t *datalen,
- Error **errp);
-extern char *qcrypto_secret_lookup_as_utf8(const char *secretid,
- Error **errp);
-extern char *qcrypto_secret_lookup_as_base64(const char *secretid,
- Error **errp);
-
#endif /* QCRYPTO_SECRET_H */
diff --git a/include/crypto/secret_common.h b/include/crypto/secret_common.h
new file mode 100644
index 0000000000..980c02ab71
--- /dev/null
+++ b/include/crypto/secret_common.h
@@ -0,0 +1,68 @@
+/*
+ * QEMU crypto secret support
+ *
+ * Copyright (c) 2015 Red Hat, Inc.
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2.1 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+
+#ifndef QCRYPTO_SECRET_COMMON_H
+#define QCRYPTO_SECRET_COMMON_H
+
+#include "qapi/qapi-types-crypto.h"
+#include "qom/object.h"
+
+#define TYPE_QCRYPTO_SECRET_COMMON "secret_common"
+#define QCRYPTO_SECRET_COMMON(obj) \
+ OBJECT_CHECK(QCryptoSecretCommon, (obj), TYPE_QCRYPTO_SECRET_COMMON)
+#define QCRYPTO_SECRET_COMMON_CLASS(class) \
+ OBJECT_CLASS_CHECK(QCryptoSecretCommonClass, \
+ (class), TYPE_QCRYPTO_SECRET_COMMON)
+#define QCRYPTO_SECRET_COMMON_GET_CLASS(obj) \
+ OBJECT_GET_CLASS(QCryptoSecretCommonClass, \
+ (obj), TYPE_QCRYPTO_SECRET_COMMON)
+
+typedef struct QCryptoSecretCommon QCryptoSecretCommon;
+typedef struct QCryptoSecretCommonClass QCryptoSecretCommonClass;
+
+struct QCryptoSecretCommon {
+ Object parent_obj;
+ uint8_t *rawdata;
+ size_t rawlen;
+ QCryptoSecretFormat format;
+ char *keyid;
+ char *iv;
+};
+
+
+struct QCryptoSecretCommonClass {
+ ObjectClass parent_class;
+ void (*load_data)(QCryptoSecretCommon *secret,
+ uint8_t **output,
+ size_t *outputlen,
+ Error **errp);
+};
+
+
+extern int qcrypto_secret_lookup(const char *secretid,
+ uint8_t **data,
+ size_t *datalen,
+ Error **errp);
+extern char *qcrypto_secret_lookup_as_utf8(const char *secretid,
+ Error **errp);
+extern char *qcrypto_secret_lookup_as_base64(const char *secretid,
+ Error **errp);
+
+#endif /* QCRYPTO_SECRET_COMMON_H */
--
2.26.2
next prev parent reply other threads:[~2020-05-29 10:37 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-05-29 10:35 [PULL 0/5] Qcrypto next patches Daniel P. Berrangé
2020-05-29 10:35 ` [PULL 1/5] crypto: add "none" random provider Daniel P. Berrangé
2020-05-29 10:35 ` Daniel P. Berrangé [this message]
2020-05-29 10:35 ` [PULL 3/5] crypto/linux_keyring: add 'secret_keyring' secret object Daniel P. Berrangé
2020-06-05 11:06 ` Daniel P. Berrangé
2020-05-29 10:35 ` [PULL 4/5] test-crypto-secret: add 'secret_keyring' object tests Daniel P. Berrangé
2020-05-29 10:35 ` [PULL 5/5] crypto: Remove use of GCRYPT_VERSION macro Daniel P. Berrangé
2020-05-29 17:04 ` [PULL 0/5] Qcrypto next patches no-reply
2020-05-29 17:08 ` Daniel P. Berrangé
-- strict thread matches above, loose matches on Subject: below --
2020-06-15 10:36 [PULL v2 " Daniel P. Berrangé
2020-06-15 10:36 ` [PULL 2/5] crypto/secret: move main logic from 'secret' to 'secret_common' Daniel P. Berrangé
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200529103555.2759928-3-berrange@redhat.com \
--to=berrange@redhat.com \
--cc=alex-krasikov@yandex-team.ru \
--cc=qemu-devel@nongnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.