From: "Daniel P. Berrange" <berrange@redhat.com>
To: qemu-devel@nongnu.org
Cc: Markus Armbruster <armbru@redhat.com>
Subject: [Qemu-devel] [PATCH v4 0/5] Add framework for passing secrets to QEMU
Date: Wed,  9 Dec 2015 14:08:06 +0000
Message-ID: <1449670091-5891-1-git-send-email-berrange@redhat.com>

This small series contains the basic patches for adding a secrets
object previously posted:

 WIP: https://lists.gnu.org/archive/html/qemu-devel/2015-11/msg04748.html
  v2: https://lists.gnu.org/archive/html/qemu-devel/2015-11/msg05297.html
  v3: https://lists.gnu.org/archive/html/qemu-devel/2015-11/msg06184.html

The QCryptoSecret object provides a QOM object that allows
passing secrets (passwords, encryption keys, etc) to QEMU
in a secure manner, via an external file, or on the CLI
or monitor with encryption. It also uses this to allow
use of encrypted x509 keys with the TLS handling code.

Changed in v4:

 - Changed base64 "bad data" tests to be clearer about what they
   are testing (Eric)
 - Change comment about @errp variable in qbase64_decode (Eric)
 - Document need to g_free result of qbase64_decode (Eric)
 - Remove dead code NULL terminating result of g_file_get_contents
   (Eric)
 - Replace g_new+memcpy with g_strdup (Eric)
 - Allow zero-length file for secrets (Eric)

Changed in v3:

 - s/adhoc/ad hoc/ (Eric)
 - Fix mistake in unit test sample data (Eric)
 - Permit inclusion of newline in base64 and test it (Eric)
 - Switch to g_file_get_contents() instead of hand written
   equivalent (Eric)
 - Add missing conversion to qbase64_decode (Eric)

Changed in v2:

 - Fix version tag in QAPI schema to be 2.6 (Eric)
 - Changed "echo -n" to "printf" (Eric)
 - Misc typo fixes (Eric)
 - Added a generic qbase64_decode() wrapper around
   g_base64_decode() that does error checking (Markus)
 - Convert callers of g_base64_decode() to qbase64_decode()
   to get error checking (Markus)


Daniel P. Berrange (5):
  util: add base64 decoding function
  qemu-char: convert to use error checked base64 decode
  qga: convert to use error checked base64 decode
  crypto: add QCryptoSecret object class for password/key handling
  crypto: add support for loading encrypted x509 keys

 crypto/Makefile.objs          |   1 +
 crypto/secret.c               | 513 ++++++++++++++++++++++++++++++++++++++++++
 crypto/tlscredsx509.c         |  48 ++++
 include/crypto/secret.h       | 148 ++++++++++++
 include/crypto/tlscredsx509.h |   1 +
 include/qemu/base64.h         |  58 +++++
 qapi-schema.json              |   2 -
 qapi/crypto.json              |  14 ++
 qemu-char.c                   |   8 +-
 qemu-options.hx               |  85 ++++++-
 qga/commands-posix.c          |  11 +-
 qga/commands-win32.c          |  11 +-
 qga/commands.c                |  13 +-
 qmp-commands.hx               |   2 -
 tests/.gitignore              |   2 +
 tests/Makefile                |   5 +
 tests/test-base64.c           | 109 +++++++++
 tests/test-crypto-secret.c    | 452 +++++++++++++++++++++++++++++++++++++
 util/Makefile.objs            |   1 +
 util/base64.c                 |  60 +++++
 20 files changed, 1533 insertions(+), 11 deletions(-)
 create mode 100644 crypto/secret.c
 create mode 100644 include/crypto/secret.h
 create mode 100644 include/qemu/base64.h
 create mode 100644 tests/test-base64.c
 create mode 100644 tests/test-crypto-secret.c
 create mode 100644 util/base64.c

-- 
2.5.0
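
The changelog above mentions an error-checked base64 decode that still permits newlines in the input. The following is an added illustration of that kind of strict decoding, not QEMU's qbase64_decode() (whose code does not appear in this cover letter); the function name strict_b64_decode, the exact rejection rules and the sample input are assumptions made for the example.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
/* Hypothetical strict decoder; not QEMU's qbase64_decode(). Returns a
 * malloc'd buffer (caller frees) and sets *out_len, or NULL if the input
 * is malformed. Newlines are skipped; any other foreign byte is an error. */
unsigned char *strict_b64_decode(const char *in, size_t *out_len)
{
    static const char alphabet[] =
        "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
    size_t n = strlen(in), len = 0;
    unsigned char *out = malloc(n / 4 * 3 + 3);
    unsigned int acc = 0;
    int nsym = 0, npad = 0;
    if (!out) return NULL;
    for (size_t i = 0; i < n; i++) {
        const char *p;
        if (in[i] == '\n') continue;
        if (in[i] == '=') {               /* at most two pad characters */
            if (++npad > 2) goto bad;
            continue;
        }
        p = strchr(alphabet, in[i]);
        if (!p || npad) goto bad;         /* foreign byte, or data after '=' */
        acc = (acc << 6) | (unsigned int)(p - alphabet);
        if (++nsym == 4) {                /* full group: emit three bytes */
            out[len++] = (unsigned char)(acc >> 16);
            out[len++] = (unsigned char)(acc >> 8);
            out[len++] = (unsigned char)acc;
            acc = 0; nsym = 0;
        }
    }
    /* Trailing symbols plus padding must form exactly one 4-char group. */
    if ((nsym + npad) % 4 != 0) goto bad;
    if (nsym >= 2) out[len++] = (unsigned char)(acc >> (nsym == 2 ? 4 : 10));
    if (nsym == 3) out[len++] = (unsigned char)(acc >> 2);
    *out_len = len;
    return out;
bad:
    free(out);
    return NULL;
}
int main(void)
{
    size_t n;
    unsigned char *s = strict_b64_decode("bGV0\nbWVpbg==\n", &n); /* constructed */
    if (s) printf("%.*s\n", (int)n, (const char *)s);
    free(s);
    return 0;
}
```

A NULL return lets the caller refuse a corrupted secret outright, rather than continue with whatever bytes a lenient decoder would have produced.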

Thread overview: 9+ messages
2015-12-09 14:08 Daniel P. Berrange [this message]
2015-12-09 14:08 ` [Qemu-devel] [PATCH v4 1/5] util: add base64 decoding function Daniel P. Berrange
2015-12-09 15:26   ` Eric Blake
2015-12-09 19:13   ` John Snow
2015-12-09 14:08 ` [Qemu-devel] [PATCH v4 2/5] qemu-char: convert to use error checked base64 decode Daniel P. Berrange
2015-12-09 14:08 ` [Qemu-devel] [PATCH v4 3/5] qga: " Daniel P. Berrange
2015-12-09 14:08 ` [Qemu-devel] [PATCH v4 4/5] crypto: add QCryptoSecret object class for password/key handling Daniel P. Berrange
2015-12-09 15:30   ` Eric Blake
2015-12-09 14:08 ` [Qemu-devel] [PATCH v4 5/5] crypto: add support for loading encrypted x509 keys Daniel P. Berrange
