Re: [Qemu-devel] [PATCH 06/17] qcow: add a 'keyid' parameter to qcow options

Wed, 28 Oct 2015 06:58:52 -0700 

On 10/19/2015 09:09 AM, Daniel P. Berrange wrote:
> Add a 'keyid' parameter that refers to the ID of a
> QCryptoSecret instance that provides the encryption key.
> eg
> 
>  $QEMU \
>     -object secret,id=sec0,filename=/home/berrange/encrypted.pw \
>     -drive file=/home/berrange/encrypted.qcow,keyid=sec0
> 
> Signed-off-by: Daniel P. Berrange <berra...@redhat.com>
> ---
>  block/qcow.c         | 94 
> +++++++++++++++++++++++++++++++++++++++-------------
>  qapi/block-core.json | 17 +++++++++-
>  2 files changed, 87 insertions(+), 24 deletions(-)
> 

> +static QCryptoCipher *qcow_get_cipher_from_key(const char *key,
> +                                               Error **errp)
> +{
> +    uint8_t keybuf[16];
> +    int len, i;
> +
> +    memset(keybuf, 0, 16);
> +    len = strlen(key);
> +    if (len > 16) {
> +        len = 16;
> +    }
> +    /* XXX: we could compress the chars to 7 bits to increase
> +       entropy */
> +    for (i = 0; i < len; i++) {
> +        keybuf[i] = key[i];
> +    }

Would memcpy() be more efficient?


> @@ -261,33 +331,11 @@ static int qcow_reopen_prepare(BDRVReopenState *state,
>  static int qcow_set_key(BlockDriverState *bs, const char *key)
>  {
>      BDRVQcowState *s = bs->opaque;
> -    uint8_t keybuf[16];
> -    int len, i;
> -    Error *err;
>  
> -    memset(keybuf, 0, 16);
> -    len = strlen(key);
> -    if (len > 16)
> -        len = 16;
> -    /* XXX: we could compress the chars to 7 bits to increase
> -       entropy */
> -    for(i = 0;i < len;i++) {
> -        keybuf[i] = key[i];
> -    }

Oh, I see - code motion.

> +++ b/qapi/block-core.json
> @@ -1562,6 +1562,21 @@
>              'mode':  'Qcow2OverlapCheckMode' } }
>  
>  ##
> +# @BlockdevOptionsQcow
> +#
> +# Driver specific block device options for qcow.
> +#
> +# @keyid:                 #optional ID of the "secret" object providing the
> +#                         AES decryption key.
> +#

That's a lot of whitespace, but it doesn't hurt.

> +# Since: 2.5
> +##
> +{ 'struct': 'BlockdevOptionsQcow',
> +  'base': 'BlockdevOptionsGenericCOWFormat',
> +  'data': { '*keyid': 'str' } }

Interface looks fine.

Reviewed-by: Eric Blake <ebl...@redhat.com>

-- 
Eric Blake   eblake redhat com    +1-919-301-3266
Libvirt virtualization library http://libvirt.org

Attachment: signature.asc
Description: OpenPGP digital signature

Reply via email to