From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from eggs.gnu.org ([2001:4830:134:3::10]:49367) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1a0qJi-0002zs-7g for qemu-devel@nongnu.org; Mon, 23 Nov 2015 07:33:59 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1a0qJg-0004Or-VP for qemu-devel@nongnu.org; Mon, 23 Nov 2015 07:33:58 -0500 Date: Mon, 23 Nov 2015 12:33:47 +0000 From: "Daniel P. Berrange" Message-ID: <20151123123347.GF18085@redhat.com> References: <1448042670-17433-1-git-send-email-berrange@redhat.com> <1448042670-17433-2-git-send-email-berrange@redhat.com> <564F9A15.8050109@redhat.com> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline In-Reply-To: <564F9A15.8050109@redhat.com> Subject: Re: [Qemu-devel] [PATCH WIP 01/30] crypto: add QCryptoSecret object class for password/key handling Reply-To: "Daniel P. Berrange" List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , To: Eric Blake Cc: qemu-devel@nongnu.org, qemu-block@nongnu.org On Fri, Nov 20, 2015 at 03:09:25PM -0700, Eric Blake wrote: > On 11/20/2015 11:04 AM, Daniel P. Berrange wrote: > > + > > +static const char *base64_valid_chars = > > + "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/="; > > + > > +static int > > +qcrypto_secret_validate_base64(const uint8_t *input, > > + size_t inputlen, > > + Error **errp) > > Don't we already have base64 utility methods available? We normally use glib, g_base64_encode/decode. Unfortunately the decode method doesn't provide any usefull error reporting facility. It just silently skips any characters that are outside the valid set. So the only way I could get any kind of sensible error report was to do this validation myself against the set of permitted base64 characters. > > +++ b/qapi/crypto.json > > @@ -19,3 +19,17 @@ > > { 'enum': 'QCryptoTLSCredsEndpoint', > > 'prefix': 'QCRYPTO_TLS_CREDS_ENDPOINT', > > 'data': ['client', 'server']} > > + > > + > > +## > > +# QCryptoSecretFormat: > > +# > > +# The data format that the secret is provided in > > +# > > +# @raw: raw bytes. When encoded in JSON only valid UTF-8 sequences can be used > > +# @base64: arbitrary base64 encoded binary data > > +# Since: 2.5 > > You've missed 2.5. Probably need to tweak the whole series to call out 2.6. Yep. > > +## > > +{ 'enum': 'QCryptoSecretFormat', > > + 'prefix': 'QCRYPTO_SECRET_FORMAT', > > + 'data': ['raw', 'base64']} > > diff --git a/qemu-options.hx b/qemu-options.hx > > index 0eea4ee..dd3f7f8 100644 > > --- a/qemu-options.hx > > +++ b/qemu-options.hx > > @@ -3670,6 +3670,7 @@ queue @var{all|rx|tx} is an option that can be applied to any netfilter. > > @option{tx}: the filter is attached to the transmit queue of the netdev, > > where it will receive packets sent by the netdev. > > > > + > > @item -object filter-dump,id=@var{id},netdev=@var{dev},file=@var{filename}][,maxlen=@var{len}] > > Why the added blank line here? Rebase error I presume Regards, Daniel -- |: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :| |: http://libvirt.org -o- http://virt-manager.org :| |: http://autobuild.org -o- http://search.cpan.org/~danberr/ :| |: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|