From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from eggs.gnu.org ([2001:4830:134:3::10]:47723)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <eblake@redhat.com>) id 1aRlQZ-0004tz-Cg
	for qemu-devel@nongnu.org; Fri, 05 Feb 2016 13:48:20 -0500
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <eblake@redhat.com>) id 1aRlQY-0000d5-EC
	for qemu-devel@nongnu.org; Fri, 05 Feb 2016 13:48:19 -0500
References: <1453311539-1193-1-git-send-email-berrange@redhat.com>
	<1453311539-1193-7-git-send-email-berrange@redhat.com>
	<56B3EB84.1000100@redhat.com> <20160205124324.GJ13989@redhat.com>
From: Eric Blake <eblake@redhat.com>
Message-ID: <56B4EE6A.4080803@redhat.com>
Date: Fri, 5 Feb 2016 11:48:10 -0700
MIME-Version: 1.0
In-Reply-To: <20160205124324.GJ13989@redhat.com>
Content-Type: multipart/signed; micalg=pgp-sha256;
	protocol="application/pgp-signature";
	boundary="s7amsrKoxUaT9kTr8KuSLp3KVdRbVViSu"
Subject: Re: [Qemu-devel] [PATCH v2 06/17] crypto: add block encryption
	framework
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: "Daniel P. Berrange" <berrange@redhat.com>
Cc: Kevin Wolf <kwolf@redhat.com>, Fam Zheng <famz@redhat.com>, qemu-devel@nongnu.org, qemu-block@nongnu.org

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--s7amsrKoxUaT9kTr8KuSLp3KVdRbVViSu
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable

On 02/05/2016 05:43 AM, Daniel P. Berrange wrote:
> On Thu, Feb 04, 2016 at 05:23:32PM -0700, Eric Blake wrote:
>> On 01/20/2016 10:38 AM, Daniel P. Berrange wrote:
>>> Add a generic framework for support different block encryption
>>> formats. Upon instantiating a QCryptoBlock object, it will read
>>> the encryption header and extract the encryption keys. It is
>>> then possible to call methods to encrypt/decrypt data buffers.
>>>
>>> There is also a mode whereby it will create/initialize a new
>>> encryption header on a previously unformatted volume.
>>>
>>> The initial framework comes with support for the legacy QCow
>>> AES based encryption. This enables code in the QCow driver to
>>> be consolidated later.
>>>

>=20
>>> +static gboolean
>>> +qcrypto_block_qcow_has_format(const uint8_t *buf G_GNUC_UNUSED,
>>> +                              size_t buf_size G_GNUC_UNUSED)
>>> +{
>>> +    return false;
>>> +}
>>
>> When I see gboolean, I think TRUE/FALSE.  Yes, C99 'false' happens to
>> promote to the correct value for whatever integer type gboolean is, bu=
t
>> this would read nicer if it returned 'bool'.
>=20
> Yeah, dunno what I was thinking really. I use gboolean in a few places
> due to the gmainloop callback API contract, but this should not have
> needed it.

To be honest, when I see 'gboolean', I _really_ think "Eww. Why did glib
have to botch it?".  Gnulib's <stdbool.h> replacement that gets C99
semantics in all but a few corner cases with a C89 compiler is so much
nicer than glib's blatant wrong typing.


>>> +
>>> +    len =3D strlen(password);
>>> +    if (len > 16) {
>>> +        len =3D 16;
>>> +    }
>>> +    for (i =3D 0; i < len; i++) {
>>> +        keybuf[i] =3D password[i];
>>> +    }
>>
>> What - we really throw away anything longer than 16 bytes?
>=20
> Yes, that's how awesome legacy qcow2 encryption is :-)

I should have mentioned that I saw nothing with this part of your patch,
and was just vocalizing my disgust at what code we are maintaining.  But
it looks like you got my meaning :)


>>> +
>>> +struct QCryptoBlockDriver {
>>> +    int (*open)(QCryptoBlock *block,
>>> +                QCryptoBlockOpenOptions *options,
>>> +                QCryptoBlockReadFunc readfunc,
>>> +                void *opaque,
>>> +                unsigned int flags,
>>> +                Error **errp);
>>
>> No documentation on any of these contracts?
>=20
> They're essentially identical to the public API contracts, so I
> figured it was redundant to duplicate those docs.

Fair enough.  Although I probably could have been spared some confusion
if you had done:

git config diff.orderFile /path/to/foo

the populated foo such that include/* comes before any other file.  I
recently learned that trick; it's also available as git format-patch
-O/path/to/file (with no space after -O), and can make patches a lot
easier to read when you focus the reader on interface first.

--=20
Eric Blake   eblake redhat com    +1-919-301-3266
Libvirt virtualization library http://libvirt.org


--s7amsrKoxUaT9kTr8KuSLp3KVdRbVViSu
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
Comment: Public key at http://people.redhat.com/eblake/eblake.gpg
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQEcBAEBCAAGBQJWtO5qAAoJEKeha0olJ0NqmBsH/0feYJbzEcq8oF6w1uWymyEG
w4A+Q0fqPA0dgD0CFxhSv79zhdbnoO8PC8y8k3FGy4PUM+LO/4MIrRP3kMVCgvS3
DL9LYgVogBsX1Px4+n7w1vsKAEExDAdzf2TK2sapmGRj+62bzXoywVIon12TqQlN
/P6hij3mfnmtq91lE9VqFVu489iFG4S5jlBY0OgU3fs3w5xIOEYNfnZCnUmNdj7S
HgeoGr/PQo48OyEpK9QtZWZFYUJDVga4QDIp4vNaBnK6wapAggkBAvzWmecsgyfY
uxOAiZ9XZpIaQYXRXQQVtF253irhAEk8sw946C5cyL9/2K+EjcK3MBYBXkE7mXU=
=/QiG
-----END PGP SIGNATURE-----

--s7amsrKoxUaT9kTr8KuSLp3KVdRbVViSu--