A new attribute is required, to store the encryption scheme used while
encrypting the secret. This value will be "none" if the secret is
stored in base64 format.

For backwards compatibility, the secret will not be encrypted when the
attribute itself is absent in the configuration file. In other words,
the secret will be stored on the disk in base64 encoded format.

This new attribute must be stored on disk in the XML file so that the
secrets can be decrypted when they are loaded.
It also allows more encryption schemes to be added in the future.

Signed-off-by: Arun Menon <[email protected]>
---
 include/libvirt/libvirt-secret.h           | 20 ++++++++++++++++++++
 src/conf/schemas/secret.rng                |  5 +++++
 src/conf/secret_conf.c                     | 21 +++++++++++++++++++++
 src/conf/secret_conf.h                     |  1 +
 src/util/virsecret.c                       |  4 ++++
 src/util/virsecret.h                       |  1 +
 tests/secretxml2xmlin/usage-ceph-space.xml |  1 +
 tests/secretxml2xmlin/usage-ceph.xml       |  1 +
 tests/secretxml2xmlin/usage-iscsi.xml      |  1 +
 tests/secretxml2xmlin/usage-tls.xml        |  1 +
 tests/secretxml2xmlin/usage-volume.xml     |  1 +
 tests/secretxml2xmlin/usage-vtpm.xml       |  1 +
 12 files changed, 58 insertions(+)

diff --git a/include/libvirt/libvirt-secret.h b/include/libvirt/libvirt-secret.h
index 761437d4ad..96a4359107 100644
--- a/include/libvirt/libvirt-secret.h
+++ b/include/libvirt/libvirt-secret.h
@@ -70,6 +70,26 @@ typedef enum {
 # endif
 } virSecretUsageType;
 
+/**
+ * virSecretEncryptionSchemeType:
+ *
+ * Since: 11.10.0
+ */
+typedef enum {
+    VIR_SECRET_ENCRYPTION_SCHEME_NONE = 0, /* (Since: 11.10.0) */
+    VIR_SECRET_ENCRYPTION_SCHEME_AES256CBS = 1, /* (Since: 11.10.0) */
+# ifdef VIR_ENUM_SENTINELS
+    VIR_SECRET_ENCRYPTION_SCHEME_LAST
+    /*
+     * NB: this enum value will increase over time as new encryption schemes 
are
+     * added to the libvirt API. It reflects the last enncryption scheme 
supported
+     * by this version of the libvirt API.
+     *
+     * Since: 11.10.0
+     */
+# endif
+} virSecretEncryptionSchemeType;
+
 virConnectPtr           virSecretGetConnect     (virSecretPtr secret);
 int                     virConnectNumOfSecrets  (virConnectPtr conn);
 int                     virConnectListSecrets   (virConnectPtr conn,
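Review bot: The enumerator `VIR_SECRET_ENCRYPTION_SCHEME_AES256CBS` on line 44 does not match the string "aes256cbc" that the VIR_ENUM_IMPL in src/util/virsecret.c registers for value 1, and because this is a public header the misspelled symbol becomes permanent API once released. Rename it now: `VIR_SECRET_ENCRYPTION_SCHEME_AES256CBC = 1, /* (Since: 11.10.0) */`. The sentinel comment also misspells "enncryption". The typedef's doc comment names only the type; one sentence on what the values mean would help API users, e.g. `* Scheme used to protect a secret's value on disk; NONE means the value is stored base64-encoded without encryption.`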
diff --git a/src/conf/schemas/secret.rng b/src/conf/schemas/secret.rng
index c90e2eb81f..ae6e62b438 100644
--- a/src/conf/schemas/secret.rng
+++ b/src/conf/schemas/secret.rng
@@ -42,6 +42,11 @@
             </choice>
           </element>
         </optional>
+        <optional>
+          <element name="encryptionScheme">
+            <text/>
+          </element>
+        </optional>
       </interleave>
     </element>
   </define>
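Review bot: The new `<encryptionScheme>` element is declared as `<text/>`, so the schema accepts any string and a typo such as "aes256cbs" is only caught later by the C parser rather than by schema validation. Listing the values the code actually knows, `<choice><value>none</value><value>aes256cbc</value></choice>`, keeps the schema aligned with the VIR_ENUM_IMPL strings and appears consistent with how the preceding element in this define is restricted (the closing `</choice>` is visible at the top of the hunk). Adding a scheme would then require a one-line schema update, which is the right place to document it anyway.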
diff --git a/src/conf/secret_conf.c b/src/conf/secret_conf.c
index 966536599e..2fdf3f7f2c 100644
--- a/src/conf/secret_conf.c
+++ b/src/conf/secret_conf.c
@@ -131,6 +131,12 @@ virSecretParseXML(xmlXPathContext *ctxt)
     g_autofree char *ephemeralstr = NULL;
     g_autofree char *privatestr = NULL;
     g_autofree char *uuidstr = NULL;
+    g_autofree char *encryptionScheme = NULL;
+
+    /* Encryption scheme is set to -1 to support existing xml secret 
configuration
+     * files.  This indicates that no encryption scheme is specified in the XML
+     */
+    int type = -1;
 
     def = g_new0(virSecretDef, 1);
 
@@ -170,6 +176,15 @@ virSecretParseXML(xmlXPathContext *ctxt)
     if (virSecretDefParseUsage(ctxt, def) < 0)
         return NULL;
 
+    encryptionScheme = virXPathString("string(./encryptionScheme)", ctxt);
+    if (encryptionScheme) {
+        if ((type = virSecretEncryptionSchemeTypeFromString(encryptionScheme)) 
< 0) {
+            virReportError(VIR_ERR_INTERNAL_ERROR,
+                           _("Unknown secret encryption scheme %1$d"), 
def->encryption_scheme);
+            return NULL;
+        }
+    }
+    def->encryption_scheme = type;
     return g_steal_pointer(&def);
 }
 
@@ -242,6 +257,7 @@ virSecretDefFormat(const virSecretDef *def)
     g_auto(virBuffer) buf = VIR_BUFFER_INITIALIZER;
     g_auto(virBuffer) attrBuf = VIR_BUFFER_INITIALIZER;
     g_auto(virBuffer) childBuf = VIR_BUFFER_INIT_CHILD(&buf);
+    const char *type = NULL;
     char uuidstr[VIR_UUID_STRING_BUFLEN];
 
     virBufferAsprintf(&attrBuf, " ephemeral='%s' private='%s'",
@@ -257,6 +273,11 @@ virSecretDefFormat(const virSecretDef *def)
         virSecretDefFormatUsage(&childBuf, def) < 0)
         return NULL;
 
+    type = virSecretEncryptionSchemeTypeToString(def->encryption_scheme);
+    if (type != NULL) {
+        virBufferEscapeString(&childBuf, 
"<encryptionScheme>%s</encryptionScheme>\n",
+                              type);
+    }
     virXMLFormatElement(&buf, "secret", &attrBuf, &childBuf);
     return virBufferContentAndReset(&buf);
 }
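Review bot: The `type != NULL` branch silently relies on virSecretEncryptionSchemeTypeToString() returning NULL for the -1 "not specified" value the parser stores, which is the only reason pre-existing secrets round-trip without gaining an element; a reader of this function alone cannot see that. Suggest `/* NULL when encryption_scheme is -1 (element absent in the source XML): omit it so old secrets round-trip unchanged */` above the call. It is also worth deciding whether any other out-of-range value should be an error rather than dropped: the commit message says the scheme is what tells the loader how to decrypt the stored value, so quietly writing a secret without its scheme would make it unreadable on the next load. virSecretDefFormat starts before this hunk.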
diff --git a/src/conf/secret_conf.h b/src/conf/secret_conf.h
index 8f8f47933a..a12bc8e095 100644
--- a/src/conf/secret_conf.h
+++ b/src/conf/secret_conf.h
@@ -30,6 +30,7 @@ struct _virSecretDef {
     char *description;          /* May be NULL */
     virSecretUsageType usage_type;
     char *usage_id; /* May be NULL */
+    virSecretEncryptionSchemeType encryption_scheme; /* 
virSecretEncryptionSchemeType */
 };
 
 void virSecretDefFree(virSecretDef *def);
diff --git a/src/util/virsecret.c b/src/util/virsecret.c
index 8e74df3b93..c9d9cf2c8a 100644
--- a/src/util/virsecret.c
+++ b/src/util/virsecret.c
@@ -36,6 +36,10 @@ VIR_ENUM_IMPL(virSecretUsage,
               VIR_SECRET_USAGE_TYPE_LAST,
               "none", "volume", "ceph", "iscsi", "tls", "vtpm",
 );
+VIR_ENUM_IMPL(virSecretEncryptionScheme,
+              VIR_SECRET_ENCRYPTION_SCHEME_LAST,
+              "none", "aes256cbc",
+);
 
 void
 virSecretLookupDefClear(virSecretLookupTypeDef *def)
diff --git a/src/util/virsecret.h b/src/util/virsecret.h
index c803f0fe33..01998e307d 100644
--- a/src/util/virsecret.h
+++ b/src/util/virsecret.h
@@ -27,6 +27,7 @@
 #include "virenum.h"
 
 VIR_ENUM_DECL(virSecretUsage);
+VIR_ENUM_DECL(virSecretEncryptionScheme);
 
 typedef enum {
     VIR_SECRET_LOOKUP_TYPE_NONE,
diff --git a/tests/secretxml2xmlin/usage-ceph-space.xml 
b/tests/secretxml2xmlin/usage-ceph-space.xml
index 557b12474d..2a7a177931 100644
--- a/tests/secretxml2xmlin/usage-ceph-space.xml
+++ b/tests/secretxml2xmlin/usage-ceph-space.xml
@@ -4,4 +4,5 @@
   <usage type='ceph'>
     <name>client.admin secret</name>
   </usage>
+  <encryptionScheme>none</encryptionScheme>
 </secret>
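Review bot: Every xml2xml input fixture (this one and the ceph, iscsi, tls, volume and vtpm files in the following hunks) gains an explicit `<encryptionScheme>` element, so no test exercises the backwards-compatibility path the commit message emphasises: an input with the element absent, which the parser maps to -1 and the formatter must then omit. Leaving at least one existing fixture untouched, or adding a dedicated one without the element, would pin that round-trip. The vtpm fixture uses "aes256cbc" while the others use "none"; a short comment in the test directory on why that fixture differs would help the next reader.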
diff --git a/tests/secretxml2xmlin/usage-ceph.xml 
b/tests/secretxml2xmlin/usage-ceph.xml
index e880293a63..8a2501c21f 100644
--- a/tests/secretxml2xmlin/usage-ceph.xml
+++ b/tests/secretxml2xmlin/usage-ceph.xml
@@ -4,4 +4,5 @@
   <usage type='ceph'>
     <name>CephCephCephCeph</name>
   </usage>
+  <encryptionScheme>none</encryptionScheme>
 </secret>
diff --git a/tests/secretxml2xmlin/usage-iscsi.xml 
b/tests/secretxml2xmlin/usage-iscsi.xml
index bfc94722e0..c36a0f8661 100644
--- a/tests/secretxml2xmlin/usage-iscsi.xml
+++ b/tests/secretxml2xmlin/usage-iscsi.xml
@@ -4,4 +4,5 @@
   <usage type='iscsi'>
     <target>iscsitarget</target>
   </usage>
+  <encryptionScheme>none</encryptionScheme>
 </secret>
diff --git a/tests/secretxml2xmlin/usage-tls.xml 
b/tests/secretxml2xmlin/usage-tls.xml
index 88068b56e0..a021e96279 100644
--- a/tests/secretxml2xmlin/usage-tls.xml
+++ b/tests/secretxml2xmlin/usage-tls.xml
@@ -4,4 +4,5 @@
   <usage type='tls'>
     <name>mumblyfratz</name>
   </usage>
+  <encryptionScheme>none</encryptionScheme>
 </secret>
diff --git a/tests/secretxml2xmlin/usage-volume.xml 
b/tests/secretxml2xmlin/usage-volume.xml
index e273c57686..7f9a4e13b8 100644
--- a/tests/secretxml2xmlin/usage-volume.xml
+++ b/tests/secretxml2xmlin/usage-volume.xml
@@ -4,4 +4,5 @@
   <usage type='volume'>
     <volume>/var/lib/libvirt/images/image.img</volume>
   </usage>
+  <encryptionScheme>none</encryptionScheme>
 </secret>
diff --git a/tests/secretxml2xmlin/usage-vtpm.xml 
b/tests/secretxml2xmlin/usage-vtpm.xml
index 5baff3034d..f9b801f765 100644
--- a/tests/secretxml2xmlin/usage-vtpm.xml
+++ b/tests/secretxml2xmlin/usage-vtpm.xml
@@ -4,4 +4,5 @@
   <usage type='vtpm'>
     <name>vTPMvTPMvTPM</name>
   </usage>
+  <encryptionScheme>aes256cbc</encryptionScheme>
 </secret>
-- 
2.51.1
