From: Kevin Wolf <kwolf@redhat.com>
To: Eric Blake <eblake@redhat.com>
Cc: "Daniel P. Berrange" <berrange@redhat.com>,
qemu-devel@nongnu.org, qemu-block@nongnu.org,
Max Reitz <mreitz@redhat.com>, Alberto Garcia <berto@igalia.com>
Subject: Re: [Qemu-devel] [PATCH v5 02/18] block: add ability to set a prefix for opt names
Date: Thu, 23 Feb 2017 11:28:39 +0100 [thread overview]
Message-ID: <20170223102839.GB6931@noname.redhat.com> (raw)
In-Reply-To: <21ccca53-659f-aa79-3b81-6a8cf1e66ba3@redhat.com>
[-- Attachment #1: Type: text/plain, Size: 2576 bytes --]
Am 22.02.2017 um 19:28 hat Eric Blake geschrieben:
> Using '.' would mean a layer of {} nesting on the wire, maybe as in:
>
> { "driver": "qcow2", ..., "luks" : { "hash-alg": ... } }
>
> but conceptually, I like that a bit better, as it consolidates all the
> luks-related options in one place, and may indeed make it possible to
> reuse the type rather than having two variants (one prefixed, one not,
> depending on whether it is standalone or qcow2).
Right, and this extra nesting to keep everything luks related in one
place is exactly what I wanted to achieve with it.
> I'm also looking later in your series (13/18), where you have:
>
>
> @@ -2344,7 +2348,8 @@
> '*l2-cache-size': 'int',
> '*refcount-cache-size': 'int',
> '*cache-clean-interval': 'int',
> - '*aes-key-secret': 'str' } }
> + '*aes-key-secret': 'str',
> + '*luks-key-secret': 'str' } }
>
>
> Uggh - we have two optional parameters, that must not both be present at
> once. I'm wondering if we can instead do this (hmm, my patches for
> anonymous base/branches in a flat union haven't been taken yet, but you
> get the idea):
>
> ...
> '*cache-clean-interval': 'int',
> '*encryption': 'Qcow2Encryption' } }
>
> { 'enum': 'Qcow2EncryptionType': [ 'aes', 'luks' ] }
> { 'union': 'Qcow2Encryption', 'base': { 'type': 'Qcow2EncryptionType' },
> 'discriminator': 'type', 'data': {
> 'aes': { 'key-secret': 'str' },
> 'luks': { 'key-secret': 'str', '*hash-alg': ..., '*slot': 'int' } } }
>
> so that you can only provide one encryption type, but once you have that
> type, you can then provide all the associated fields for that type. So
> the QMP would look like:
>
> { "driver": "qcow2", ..., "encryption" : { "type": "luks", "hash-alg":
> ... } }
That's actually even better, a more accurate description of the options
on the QAPI level. I like it.
> > Hence, I wanted to have separation between the legacy AES & LUKS
> > namespaces, to make it clear what applies to what scenario.
>
> Again, I think the idea of a flat union, with the discriminator, makes
> it easier to enforce mutual exclusion, rather than having two top-level
> optional fields that cannot both be specified at once. Maybe we should
> also consider making qapi flat unions support a default discriminator,
> so that the "type":"luks" can be omitted, but that's sugar.
With the default discriminator, I'm not sure if that's still "sugar" or
already "too much magic".
Kevin
[-- Attachment #2: Type: application/pgp-signature, Size: 836 bytes --]
next prev parent reply other threads:[~2017-02-23 10:28 UTC|newest]
Thread overview: 38+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-02-21 11:54 [Qemu-devel] [PATCH v5 00/18] Convert QCow[2] to QCryptoBlock & add LUKS support Daniel P. Berrange
2017-02-21 11:54 ` [Qemu-devel] [PATCH v5 01/18] block: expose crypto option names / defs to other drivers Daniel P. Berrange
2017-02-21 11:54 ` [Qemu-devel] [PATCH v5 02/18] block: add ability to set a prefix for opt names Daniel P. Berrange
2017-02-22 15:18 ` Kevin Wolf
2017-02-22 15:49 ` Daniel P. Berrange
2017-02-22 18:28 ` Eric Blake
2017-02-23 10:28 ` Kevin Wolf [this message]
2017-02-23 10:37 ` Daniel P. Berrange
2017-02-21 11:54 ` [Qemu-devel] [PATCH v5 03/18] qcow: document another weakness of qcow AES encryption Daniel P. Berrange
2017-02-21 11:54 ` [Qemu-devel] [PATCH v5 04/18] qcow: require image size to be > 1 for new images Daniel P. Berrange
2017-02-21 11:54 ` [Qemu-devel] [PATCH v5 05/18] iotests: skip 042 with qcow which dosn't support zero sized images Daniel P. Berrange
2017-02-21 11:55 ` [Qemu-devel] [PATCH v5 06/18] iotests: skip 048 with qcow which doesn't support resize Daniel P. Berrange
2017-02-21 11:55 ` [Qemu-devel] [PATCH v5 07/18] iotests: fix 097 when run with qcow Daniel P. Berrange
2017-02-22 23:46 ` Eric Blake
2017-03-07 15:44 ` Eric Blake
2017-03-07 15:45 ` Daniel P. Berrange
2017-02-21 11:55 ` [Qemu-devel] [PATCH v5 08/18] qcow: make encrypt_sectors encrypt in place Daniel P. Berrange
2017-02-23 12:38 ` Kevin Wolf
2017-02-21 11:55 ` [Qemu-devel] [PATCH v5 09/18] qcow: convert QCow to use QCryptoBlock for encryption Daniel P. Berrange
2017-02-21 13:19 ` Alberto Garcia
2017-04-24 16:38 ` Daniel P. Berrange
2017-02-21 11:55 ` [Qemu-devel] [PATCH v5 10/18] qcow2: make qcow2_encrypt_sectors encrypt in place Daniel P. Berrange
2017-02-21 11:55 ` [Qemu-devel] [PATCH v5 11/18] qcow2: convert QCow2 to use QCryptoBlock for encryption Daniel P. Berrange
2017-02-21 13:30 ` Alberto Garcia
2017-04-24 16:50 ` Daniel P. Berrange
2017-02-21 11:55 ` [Qemu-devel] [PATCH v5 12/18] qcow2: extend specification to cover LUKS encryption Daniel P. Berrange
2017-02-21 13:33 ` Alberto Garcia
2017-02-21 11:55 ` [Qemu-devel] [PATCH v5 13/18] qcow2: add support for LUKS encryption format Daniel P. Berrange
2017-02-21 14:13 ` Alberto Garcia
2017-04-24 16:52 ` Daniel P. Berrange
2017-02-21 11:55 ` [Qemu-devel] [PATCH v5 14/18] qcow2: add iotests to cover LUKS encryption support Daniel P. Berrange
2017-02-21 11:55 ` [Qemu-devel] [PATCH v5 15/18] iotests: enable tests 134 and 158 to work with qcow (v1) Daniel P. Berrange
2017-02-21 11:55 ` [Qemu-devel] [PATCH v5 16/18] block: rip out all traces of password prompting Daniel P. Berrange
2017-02-21 14:20 ` Alberto Garcia
2017-02-21 11:55 ` [Qemu-devel] [PATCH v5 17/18] block: remove all encryption handling APIs Daniel P. Berrange
2017-02-21 14:28 ` Alberto Garcia
2017-02-21 11:55 ` [Qemu-devel] [PATCH v5 18/18] block: pass option prefix down to crypto layer Daniel P. Berrange
2017-02-21 15:01 ` Alberto Garcia
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20170223102839.GB6931@noname.redhat.com \
--to=kwolf@redhat.com \
--cc=berrange@redhat.com \
--cc=berto@igalia.com \
--cc=eblake@redhat.com \
--cc=mreitz@redhat.com \
--cc=qemu-block@nongnu.org \
--cc=qemu-devel@nongnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).