[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Qemu-devel] [PATCH v2 0/5] Add framework for passing secrets to QEMU
From: |
Daniel P. Berrange |
Subject: |
[Qemu-devel] [PATCH v2 0/5] Add framework for passing secrets to QEMU |
Date: |
Tue, 24 Nov 2015 15:02:37 +0000 |
This small series contains just the first two patches for
adding the secrets object to QEMU previously shown here:
https://lists.gnu.org/archive/html/qemu-devel/2015-11/msg04748.html
The QCryptoSecret object provides a QOM object that allows
passing secrets (passwords, encryption keys, etc) to QEMU
in a secure manner, via an external file, or on the CLI
or monitor with encryption. It also uses this to allow
use of encrypted x509 keys with the TLS handling code.
Changed in v2:
- Fix version tag in QAPI schema to be 2.6 (Eric)
- Changed "echo -n" to "printf" (Eric)
- Misc typo fixes (Eric)
- Added a genmeric qbase64_decode() wrapper around
g_base64_decode() that does error checking (Markus)
- Convert callers of g_base64_decode() to qbase64_decode()
to get error checking (Markus)
Daniel P. Berrange (5):
util: add base64 decoding function
qemu-char: convert to use error checked base64 decode
qga: convert to use error checked base64 decode
crypto: add QCryptoSecret object class for password/key handling
crypto: add support for loading encrypted x509 keys
crypto/Makefile.objs | 1 +
crypto/secret.c | 540 ++++++++++++++++++++++++++++++++++++++++++
crypto/tlscredsx509.c | 47 ++++
include/crypto/secret.h | 148 ++++++++++++
include/crypto/tlscredsx509.h | 1 +
include/qemu/base64.h | 56 +++++
qapi-schema.json | 2 -
qapi/crypto.json | 14 ++
qemu-char.c | 8 +-
qemu-options.hx | 85 ++++++-
qga/commands-posix.c | 11 +-
qga/commands-win32.c | 11 +-
qga/commands.c | 13 +-
qmp-commands.hx | 2 -
tests/.gitignore | 2 +
tests/Makefile | 5 +
tests/test-base64.c | 97 ++++++++
tests/test-crypto-secret.c | 446 ++++++++++++++++++++++++++++++++++
util/Makefile.objs | 1 +
util/base64.c | 60 +++++
20 files changed, 1539 insertions(+), 11 deletions(-)
create mode 100644 crypto/secret.c
create mode 100644 include/crypto/secret.h
create mode 100644 include/qemu/base64.h
create mode 100644 tests/test-base64.c
create mode 100644 tests/test-crypto-secret.c
create mode 100644 util/base64.c
--
2.5.0
- [Qemu-devel] [PATCH v2 0/5] Add framework for passing secrets to QEMU,
Daniel P. Berrange <=
- [Qemu-devel] [PATCH v2 2/5] qemu-char: convert to use error checked base64 decode, Daniel P. Berrange, 2015/11/24
- [Qemu-devel] [PATCH v2 1/5] util: add base64 decoding function, Daniel P. Berrange, 2015/11/24
- [Qemu-devel] [PATCH v2 5/5] crypto: add support for loading encrypted x509 keys, Daniel P. Berrange, 2015/11/24
- [Qemu-devel] [PATCH v2 3/5] qga: convert to use error checked base64 decode, Daniel P. Berrange, 2015/11/24
- [Qemu-devel] [PATCH v2 4/5] crypto: add QCryptoSecret object class for password/key handling, Daniel P. Berrange, 2015/11/24