NuKVM/libvirt
3
0
Fork 0
mirror of https://github.com/libvirt/libvirt.git synced 2025-02-25 18:55:26 -06:00
Code Issues Packages Projects Releases Wiki Activity

qemuDomainSecretAESSetup: Allocate and return 'secinfo' here

Browse Source 
Rather than passing in an empty qemuDomainSecretInfoPtr allocate it
in this function and return it. This is done by absorbing the check from
qemuDomainSecretInfoNew and removing the internals of
qemuDomainSecretInfoNew.

Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Ján Tomko <jtomko@redhat.com>
This commit is contained in:
Peter Krempa 2020-03-16 10:23:24 +01:00
parent 88126d5f0e
commit bad8637892
1 changed files with 22 additions and 31 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

53
src/qemu/qemu_domain.c
View File

@ -1521,21 +1521,20 @@ qemuDomainSecretPlainSetup(qemuDomainSecretInfoPtr secinfo,
* @seclookupdef: Pointer to seclookupdef data * @seclookupdef: Pointer to seclookupdef data
* @isLuks: True/False for is for luks (alias generation) * @isLuks: True/False for is for luks (alias generation)
* *
* Taking a secinfo, fill in the AES specific information using the * Encrypts a secret looked up via @seclookupdef for use with qemu.
* *
* Returns 0 on success, -1 on failure with error message * Returns qemuDomainSecretInfoPtr filled with the necessary information.
*/ */
static int static qemuDomainSecretInfoPtr
qemuDomainSecretAESSetup(qemuDomainObjPrivatePtr priv, qemuDomainSecretAESSetup(qemuDomainObjPrivatePtr priv,
qemuDomainSecretInfoPtr secinfo,
const char *srcalias, const char *srcalias,
virSecretUsageType usageType, virSecretUsageType usageType,
const char *username, const char *username,
virSecretLookupTypeDefPtr seclookupdef, virSecretLookupTypeDefPtr seclookupdef,
bool isLuks) bool isLuks)
{ {
g_autoptr(qemuDomainSecretInfo) secinfo = NULL;
g_autoptr(virConnect) conn = virGetConnectSecret(); g_autoptr(virConnect) conn = virGetConnectSecret();
int ret = -1;
g_autofree uint8_t *raw_iv = NULL; g_autofree uint8_t *raw_iv = NULL;
size_t ivlen = QEMU_DOMAIN_AES_IV_LEN; size_t ivlen = QEMU_DOMAIN_AES_IV_LEN;
uint8_t *secret = NULL; uint8_t *secret = NULL;
@ -1544,19 +1543,27 @@ qemuDomainSecretAESSetup(qemuDomainObjPrivatePtr priv,
size_t ciphertextlen = 0; size_t ciphertextlen = 0;
if (!conn) if (!conn)
return -1; return NULL;
if (!qemuDomainSupportsEncryptedSecret(priv)) {
virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
_("encrypted secrets are not supported"));
return NULL;
}
secinfo = g_new0(qemuDomainSecretInfo, 1);
secinfo->type = VIR_DOMAIN_SECRET_INFO_TYPE_AES; secinfo->type = VIR_DOMAIN_SECRET_INFO_TYPE_AES;
secinfo->s.aes.username = g_strdup(username); secinfo->s.aes.username = g_strdup(username);
if (!(secinfo->s.aes.alias = qemuDomainGetSecretAESAlias(srcalias, isLuks))) if (!(secinfo->s.aes.alias = qemuDomainGetSecretAESAlias(srcalias, isLuks)))
return -1; return NULL;
raw_iv = g_new0(uint8_t, ivlen); raw_iv = g_new0(uint8_t, ivlen);
/* Create a random initialization vector */ /* Create a random initialization vector */
if (virRandomBytes(raw_iv, ivlen) < 0) if (virRandomBytes(raw_iv, ivlen) < 0)
return -1; return NULL;
/* Encode the IV and save that since qemu will need it */ /* Encode the IV and save that since qemu will need it */
secinfo->s.aes.iv = g_base64_encode(raw_iv, ivlen); secinfo->s.aes.iv = g_base64_encode(raw_iv, ivlen);
@ -1564,13 +1571,13 @@ qemuDomainSecretAESSetup(qemuDomainObjPrivatePtr priv,
/* Grab the unencoded secret */ /* Grab the unencoded secret */
if (virSecretGetSecretString(conn, seclookupdef, usageType, if (virSecretGetSecretString(conn, seclookupdef, usageType,
&secret, &secretlen) < 0) &secret, &secretlen) < 0)
goto cleanup; goto error;
if (virCryptoEncryptData(VIR_CRYPTO_CIPHER_AES256CBC, if (virCryptoEncryptData(VIR_CRYPTO_CIPHER_AES256CBC,
priv->masterKey, QEMU_DOMAIN_MASTER_KEY_LEN, priv->masterKey, QEMU_DOMAIN_MASTER_KEY_LEN,
raw_iv, ivlen, secret, secretlen, raw_iv, ivlen, secret, secretlen,
&ciphertext, &ciphertextlen) < 0) &ciphertext, &ciphertextlen) < 0)
goto cleanup; goto error;
/* Clear out the secret */ /* Clear out the secret */
memset(secret, 0, secretlen); memset(secret, 0, secretlen);
@ -1579,11 +1586,11 @@ qemuDomainSecretAESSetup(qemuDomainObjPrivatePtr priv,
secinfo->s.aes.ciphertext = g_base64_encode(ciphertext, secinfo->s.aes.ciphertext = g_base64_encode(ciphertext,
ciphertextlen); ciphertextlen);
ret = 0; return g_steal_pointer(&secinfo);
cleanup: error:
VIR_DISPOSE_N(secret, secretlen); VIR_DISPOSE_N(secret, secretlen);
return ret; return NULL;
} }
@ -1655,24 +1662,8 @@ qemuDomainSecretInfoNew(qemuDomainObjPrivatePtr priv,
virSecretLookupTypeDefPtr lookupDef, virSecretLookupTypeDefPtr lookupDef,
bool isLuks) bool isLuks)
{ {
qemuDomainSecretInfoPtr secinfo = NULL; return qemuDomainSecretAESSetup(priv, srcAlias, usageType, username,
lookupDef, isLuks);
if (!qemuDomainSupportsEncryptedSecret(priv)) {
virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
_("encrypted secrets are not supported"));
return NULL;
}
if (VIR_ALLOC(secinfo) < 0)
return NULL;
if (qemuDomainSecretAESSetup(priv, secinfo, srcAlias, usageType, username,
lookupDef, isLuks) < 0) {
g_clear_pointer(&secinfo, qemuDomainSecretInfoFree);
return NULL;
}
return secinfo;
} }