From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from eggs.gnu.org ([2001:4830:134:3::10]:44951)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <eblake@redhat.com>) id 1ZrRE3-0000A2-AQ
	for qemu-devel@nongnu.org; Wed, 28 Oct 2015 09:57:17 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <eblake@redhat.com>) id 1ZrRDx-00011V-Fw
	for qemu-devel@nongnu.org; Wed, 28 Oct 2015 09:57:15 -0400
References: <1445267389-21846-1-git-send-email-berrange@redhat.com>
	<1445267389-21846-7-git-send-email-berrange@redhat.com>
From: Eric Blake <eblake@redhat.com>
Message-ID: <5630D427.4030808@redhat.com>
Date: Wed, 28 Oct 2015 07:56:55 -0600
MIME-Version: 1.0
In-Reply-To: <1445267389-21846-7-git-send-email-berrange@redhat.com>
Content-Type: multipart/signed; micalg=pgp-sha256;
	protocol="application/pgp-signature";
	boundary="M6LEu5eEnHqBmwe49jma7aRmfVs03iJ4k"
Subject: Re: [Qemu-devel] [PATCH 06/17] qcow: add a 'keyid' parameter to
 qcow options
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: "Daniel P. Berrange" <berrange@redhat.com>, qemu-devel@nongnu.org
Cc: Kevin Wolf <kwolf@redhat.com>, Josh Durgin <jdurgin@redhat.com>, Ronnie Sahlberg <ronniesahlberg@gmail.com>, qemu-block@nongnu.org, Markus Armbruster <armbru@redhat.com>, Stefan Hajnoczi <stefanha@redhat.com>, Paolo Bonzini <pbonzini@redhat.com>

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--M6LEu5eEnHqBmwe49jma7aRmfVs03iJ4k
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable

On 10/19/2015 09:09 AM, Daniel P. Berrange wrote:
> Add a 'keyid' parameter that refers to the ID of a
> QCryptoSecret instance that provides the encryption key.
> eg
>=20
>  $QEMU \
>     -object secret,id=3Dsec0,filename=3D/home/berrange/encrypted.pw \
>     -drive file=3D/home/berrange/encrypted.qcow,keyid=3Dsec0
>=20
> Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
> ---
>  block/qcow.c         | 94 +++++++++++++++++++++++++++++++++++++++-----=
--------
>  qapi/block-core.json | 17 +++++++++-
>  2 files changed, 87 insertions(+), 24 deletions(-)
>=20

> +static QCryptoCipher *qcow_get_cipher_from_key(const char *key,
> +                                               Error **errp)
> +{
> +    uint8_t keybuf[16];
> +    int len, i;
> +
> +    memset(keybuf, 0, 16);
> +    len =3D strlen(key);
> +    if (len > 16) {
> +        len =3D 16;
> +    }
> +    /* XXX: we could compress the chars to 7 bits to increase
> +       entropy */
> +    for (i =3D 0; i < len; i++) {
> +        keybuf[i] =3D key[i];
> +    }

Would memcpy() be more efficient?


> @@ -261,33 +331,11 @@ static int qcow_reopen_prepare(BDRVReopenState *s=
tate,
>  static int qcow_set_key(BlockDriverState *bs, const char *key)
>  {
>      BDRVQcowState *s =3D bs->opaque;
> -    uint8_t keybuf[16];
> -    int len, i;
> -    Error *err;
> =20
> -    memset(keybuf, 0, 16);
> -    len =3D strlen(key);
> -    if (len > 16)
> -        len =3D 16;
> -    /* XXX: we could compress the chars to 7 bits to increase
> -       entropy */
> -    for(i =3D 0;i < len;i++) {
> -        keybuf[i] =3D key[i];
> -    }

Oh, I see - code motion.

> +++ b/qapi/block-core.json
> @@ -1562,6 +1562,21 @@
>              'mode':  'Qcow2OverlapCheckMode' } }
> =20
>  ##
> +# @BlockdevOptionsQcow
> +#
> +# Driver specific block device options for qcow.
> +#
> +# @keyid:                 #optional ID of the "secret" object providin=
g the
> +#                         AES decryption key.
> +#

That's a lot of whitespace, but it doesn't hurt.

> +# Since: 2.5
> +##
> +{ 'struct': 'BlockdevOptionsQcow',
> +  'base': 'BlockdevOptionsGenericCOWFormat',
> +  'data': { '*keyid': 'str' } }

Interface looks fine.

Reviewed-by: Eric Blake <eblake@redhat.com>

--=20
Eric Blake   eblake redhat com    +1-919-301-3266
Libvirt virtualization library http://libvirt.org


--M6LEu5eEnHqBmwe49jma7aRmfVs03iJ4k
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
Comment: Public key at http://people.redhat.com/eblake/eblake.gpg
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQEcBAEBCAAGBQJWMNQnAAoJEKeha0olJ0NqAnEH+gNf7AXHg0ZyZGwMSM+qqorS
myCzgod4zOR9JiBHQA2j5ly2376esiqfykbqZeHHpBrhSTDaX5RoIsla7cV0aU/N
X1hIBcC+2Eru1Gv2ZF/05oo0WUdXyiU3ZESlpA/eBfHYOb+0ES831iBiXc7fSqiG
TUFw0oJQ1FDKppAQ3kd9nufl9Hg3/L/Fg3yCh0c+1FEaZVQil2LrLFxQOVa5b9LK
j3s+TXlXVHuGzR6OZBrkQH/i6u+0Q97bsT1+ubVY3CI1fhOHo82ckR5rob02IzqL
HpK2AO4Avwz4W3zD+iHzdbFYIFiH6X7tUUzOLbLOzl4j5Pz2YtJhHjsj71Y4hwI=
=70Kg
-----END PGP SIGNATURE-----

--M6LEu5eEnHqBmwe49jma7aRmfVs03iJ4k--