From: Eric Blake
Date: Mon, 24 Aug 2015 14:25:24 -0600
Message-ID: <55DB7DB4.30907@redhat.com>
In-Reply-To: <1440425695-24286-2-git-send-email-berrange@redhat.com>
Subject: Re: [Qemu-devel] [PATCH v4 1/7] crypto: introduce new base module for TLS credentials
To: "Daniel P. Berrange", qemu-devel@nongnu.org
Cc: Paolo Bonzini, Gerd Hoffmann

On 08/24/2015 08:14 AM, Daniel P. Berrange wrote:
> Introduce a QCryptoTLSCreds class to act as the base class for
> storing TLS credentials. This will be later subclassed to provide
> handling of anonymous and x509 credential types. The subclasses
> will be user creatable objects, so instances can be created &
> deleted via 'object-add' and 'object-del' QMP commands respectively,
> or via the -object command line arg.
>
> If the credentials cannot be initialized an error will be reported
> as a QMP reply, or on stderr respectively.
>
> The idea is to make it possible to represent and manager TLS

s/manager/manage/

> credentials independantly of the network service that is using

s/independantly/independently/

> them. This will enable multiple services to use the same set of
> credentials and minimize code duplication. A later patch will
> convert the current VNC server TLS code over to use this object.
>
> The representation of credentials will be functionally equivalent
> to that currently implemented in the VNC server with one exception.
> The new code has the ability to (optionally) load a pre-generated
> set of diffie-hellman parameters, if the file dh-params.pem exists,
> whereas the current VNC server will always generate them on startup.
> This is beneficial for admins who wish to avoid the (small) time
> sink of generating DH parameters at startup and/or avoid depleting
> entropy.
>
> Signed-off-by: Daniel P. Berrange
> ---
>  crypto/Makefile.objs      |   1 +
>  crypto/init.c             |  11 ++
>  crypto/tlscreds.c         | 270 ++++++++++++++++++++++++++++++++++++++++++++++++
>  crypto/tlscredspriv.h     |  41 +++++++
>  include/crypto/tlscreds.h |  77 +++++++++++++
>  tests/Makefile            |   4 +-
>  6 files changed, 402 insertions(+), 2 deletions(-)
>  create mode 100644 crypto/tlscreds.c
>  create mode 100644 crypto/tlscredspriv.h
>  create mode 100644 include/crypto/tlscreds.h
>
> +++ b/crypto/tlscreds.c
> @@ -0,0 +1,270 @@ > +/* #define QCRYPTO_DEBUG */ > + > +#ifdef QCRYPTO_DEBUG > +#define DPRINTF(fmt, ...) do { fprintf(stderr, fmt, ## __VA_ARGS__); }= while (0) > +#else > +#define DPRINTF(fmt, ...) do { } while (0) > +#endif Please rework this to: #ifdef QCRYPTO_DEBUG # define QCRYPT_DEBUG_PRINT 1 #else # define QCRYPT_DEBUG_PRINT 0 #endif #define DPRINTF(fmt, ...) \ do { \ if (QCRYPT_DEBUG_PRINT) { \ fprintf(stderr, fmt, ## __VA_ARGS__); \ } \ } while (0) so that we don't bit-rot the printf arguments when debugging is disabled.= > + > + > +#define DH_BITS 2048 > + > +static const char * const endpoint_map[QCRYPTO_TLS_CREDS_ENDPOINT_LAST= + 1] =3D { > + [QCRYPTO_TLS_CREDS_ENDPOINT_SERVER] =3D "server", > + [QCRYPTO_TLS_CREDS_ENDPOINT_CLIENT] =3D "client", > + [QCRYPTO_TLS_CREDS_ENDPOINT_LAST] =3D NULL, > +}; Is it worth an entry in a .json file to get qapi to generate this mapping automatically? > + > + > +#ifdef CONFIG_GNUTLS > +int > +qcrypto_tls_creds_get_dh_params_file(const char *filename, > + gnutls_dh_params_t *dh_params, > + Error **errp) > +{ > + int ret; > + > + DPRINTF("Loading DH params %s\n", filename ? filename : ""); > + if (filename =3D=3D NULL) { > + ret =3D gnutls_dh_params_init(dh_params); > + if (ret < 0) { > + error_setg(errp, "Unable to initialize DH parameters %s", > + gnutls_strerror(ret)); Maybe s/parameters %s/parameters: %s/ ? > + return -1; > + } > + ret =3D gnutls_dh_params_generate2(*dh_params, DH_BITS); > + if (ret < 0) { > + gnutls_dh_params_deinit(*dh_params); > + *dh_params =3D NULL; > + error_setg(errp, "Unable to generate DH parameters %s", > + gnutls_strerror(ret)); and again? 
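Review bot: in qcrypto_tls_creds_get_dh_params_file the two failure paths inside the `filename == NULL` branch leave the out-parameter in different states. When gnutls_dh_params_generate2 fails the code calls gnutls_dh_params_deinit(*dh_params) and sets `*dh_params = NULL;` before reporting the error, but when gnutls_dh_params_init fails it returns -1 with *dh_params left as whatever the caller passed in (indeterminate if the caller did not pre-initialise it). A caller that unconditionally calls gnutls_dh_params_deinit on its handle after a -1 return is therefore correct on one path and not on the other. Either set `*dh_params = NULL;` in the init failure branch too, or document in include/crypto/tlscreds.h that *dh_params is undefined whenever the function returns -1, so the contract is the same on both paths.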
(Recurring theme, so I'll quit pointing it out)

-- 
Eric Blake   eblake redhat com    +1-919-301-3266
Libvirt virtualization library http://libvirt.org