qemu: Simplify qemuDomainSecretInfo

author Peter Krempa <pkrempa@redhat.com>

Wed, 22 Sep 2021 07:34:31 +0000 (09:34 +0200)

committer Peter Krempa <pkrempa@redhat.com>

Wed, 22 Sep 2021 12:53:56 +0000 (14:53 +0200)
author Peter Krempa <pkrempa@redhat.com>
Wed, 22 Sep 2021 07:34:31 +0000 (09:34 +0200)
committer Peter Krempa <pkrempa@redhat.com>
Wed, 22 Sep 2021 12:53:56 +0000 (14:53 +0200)
diff --git a/src/qemu/qemu_backup.c b/src/qemu/qemu_backup.c

index 4f1e3b7bad5954227caa4b73f625d70fda0ea0c4..d7583e7399e362b7047d09ea9e7e2d5b1a66dbcf 100644 (file)
--- a/src/qemu/qemu_backup.c
+++ b/src/qemu/qemu_backup.c
@@ -723,7 +723,7 @@ qemuBackupBeginPrepareTLS(virDomainObj *vm,
          if (qemuBuildSecretInfoProps(secinfo, tlsSecretProps) < 0)
              return -1;
  
-        tlsKeySecretAlias = secinfo->s.aes.alias;
+        tlsKeySecretAlias = secinfo->alias;
      }
  
      if (qemuBuildTLSx509BackendProps(cfg->backupTLSx509certdir, true,
diff --git a/src/qemu/qemu_block.c b/src/qemu/qemu_block.c

index 0bc92f6a23dac630a8992d35d712c88972feb3d8..393d3f44d7078c2df2fd121cf53ef19edcb0aae9 100644 (file)
--- a/src/qemu/qemu_block.c
+++ b/src/qemu/qemu_block.c
@@ -746,12 +746,12 @@ qemuBlockStorageSourceGetCURLProps(virStorageSource *src,
      if (!onlytarget) {
          if (src->auth) {
              username = src->auth->username;
-            passwordalias = srcPriv->secinfo->s.aes.alias;
+            passwordalias = srcPriv->secinfo->alias;
          }
  
          if (srcPriv &&
              srcPriv->httpcookie)
-            cookiealias = srcPriv->httpcookie->s.aes.alias;
+            cookiealias = srcPriv->httpcookie->alias;
      } else {
          /* format target string along with cookies */
          cookiestr = qemuBlockStorageSourceGetCookieString(src);
@@ -819,7 +819,7 @@ qemuBlockStorageSourceGetISCSIProps(virStorageSource *src,
  
      if (!onlytarget && src->auth) {
          username = src->auth->username;
-        objalias = srcPriv->secinfo->s.aes.alias;
+        objalias = srcPriv->secinfo->alias;
      }
  
      ignore_value(virJSONValueObjectCreate(&ret,
@@ -885,8 +885,8 @@ qemuBlockStorageSourceGetRBDProps(virStorageSource *src,
          return NULL;
  
      if (!onlytarget && src->auth) {
-        username = srcPriv->secinfo->s.aes.username;
-        keysecret = srcPriv->secinfo->s.aes.alias;
+        username = srcPriv->secinfo->username;
+        keysecret = srcPriv->secinfo->alias;
          /* the auth modes are modelled after our old command line generator */
          authmodes = virJSONValueNewArray();
  
@@ -1267,7 +1267,7 @@ qemuBlockStorageSourceGetFormatLUKSProps(virStorageSource *src,
  {
      qemuDomainStorageSourcePrivate *srcPriv = QEMU_DOMAIN_STORAGE_SOURCE_PRIVATE(src);
  
-    if (!srcPriv || !srcPriv->encinfo || !srcPriv->encinfo->s.aes.alias) {
+    if (!srcPriv || !srcPriv->encinfo || !srcPriv->encinfo->alias) {
          virReportError(VIR_ERR_INTERNAL_ERROR, "%s",
                         _("missing secret info for 'luks' driver"));
          return -1;
@@ -1275,7 +1275,7 @@ qemuBlockStorageSourceGetFormatLUKSProps(virStorageSource *src,
  
      if (virJSONValueObjectAdd(props,
                                "s:driver", "luks",
-                              "s:key-secret", srcPriv->encinfo->s.aes.alias,
+                              "s:key-secret", srcPriv->encinfo->alias,
                                NULL) < 0)
          return -1;
  
@@ -1313,14 +1313,9 @@ qemuBlockStorageSourceGetCryptoProps(virStorageSource *src,
  
      *encprops = NULL;
  
-    /* qemu requires encrypted secrets regardless of encryption method used when
-     * passed using the blockdev infrastructure, thus only
-     * VIR_DOMAIN_SECRET_INFO_TYPE_AES works here. The correct type needs to be
-     * instantiated elsewhere. */
      if (!src->encryption ||
          !srcpriv ||
-        !srcpriv->encinfo ||
-        srcpriv->encinfo->type != VIR_DOMAIN_SECRET_INFO_TYPE_AES)
+        !srcpriv->encinfo)
          return 0;
  
      switch ((virStorageEncryptionFormatType) src->encryption->format) {
@@ -1342,7 +1337,7 @@ qemuBlockStorageSourceGetCryptoProps(virStorageSource *src,
  
      return virJSONValueObjectCreate(encprops,
                                      "s:format", encformat,
-                                    "s:key-secret", srcpriv->encinfo->s.aes.alias,
+                                    "s:key-secret", srcpriv->encinfo->alias,
                                      NULL);
  }
  
@@ -1906,17 +1901,17 @@ qemuBlockStorageSourceDetachPrepare(virStorageSource *src,
      data->tlsAlias = g_strdup(src->tlsAlias);
  
      if (srcpriv) {
-        if (srcpriv->secinfo && srcpriv->secinfo->type == VIR_DOMAIN_SECRET_INFO_TYPE_AES)
-            data->authsecretAlias = g_strdup(srcpriv->secinfo->s.aes.alias);
+        if (srcpriv->secinfo)
+            data->authsecretAlias = g_strdup(srcpriv->secinfo->alias);
  
-        if (srcpriv->encinfo && srcpriv->encinfo->type == VIR_DOMAIN_SECRET_INFO_TYPE_AES)
-            data->encryptsecretAlias = g_strdup(srcpriv->encinfo->s.aes.alias);
+        if (srcpriv->encinfo)
+            data->encryptsecretAlias = g_strdup(srcpriv->encinfo->alias);
  
          if (srcpriv->httpcookie)
-            data->httpcookiesecretAlias = g_strdup(srcpriv->httpcookie->s.aes.alias);
+            data->httpcookiesecretAlias = g_strdup(srcpriv->httpcookie->alias);
  
          if (srcpriv->tlsKeySecret)
-            data->tlsKeySecretAlias = g_strdup(srcpriv->tlsKeySecret->s.aes.alias);
+            data->tlsKeySecretAlias = g_strdup(srcpriv->tlsKeySecret->alias);
      }
  
      return g_steal_pointer(&data);
@@ -2319,9 +2314,8 @@ qemuBlockStorageSourceCreateGetEncryptionLUKS(virStorageSource *src,
      const char *keysecret = NULL;
  
      if (srcpriv &&
-        srcpriv->encinfo &&
-        srcpriv->encinfo->type == VIR_DOMAIN_SECRET_INFO_TYPE_AES)
-        keysecret = srcpriv->encinfo->s.aes.alias;
+        srcpriv->encinfo)
+        keysecret = srcpriv->encinfo->alias;
  
      if (virJSONValueObjectCreate(&props,
                                   "s:key-secret", keysecret,
diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c

index 0b87719f75bd943f37d48b64b851ee6621033168..5b738b230e1babe26e4cf02e5ce34caa54971329 100644 (file)
--- a/src/qemu/qemu_command.c
+++ b/src/qemu/qemu_command.c
@@ -707,9 +707,9 @@ qemuBuildSecretInfoProps(qemuDomainSecretInfo *secinfo,
          return -1;
  
      return qemuMonitorCreateObjectProps(propsret, "secret",
-                                        secinfo->s.aes.alias, "s:data",
-                                        secinfo->s.aes.ciphertext, "s:keyid",
-                                        keyid, "s:iv", secinfo->s.aes.iv,
+                                        secinfo->alias, "s:data",
+                                        secinfo->ciphertext, "s:keyid",
+                                        keyid, "s:iv", secinfo->iv,
                                          "s:format", "base64", NULL);
  }
  
@@ -763,20 +763,11 @@ static int
  qemuBuildRBDSecinfoURI(virBuffer *buf,
                         qemuDomainSecretInfo *secinfo)
  {
-    if (!secinfo) {
+    if (!secinfo)
          virBufferAddLit(buf, ":auth_supported=none");
-        return 0;
-    }
-
-    switch ((qemuDomainSecretInfoType) secinfo->type) {
-    case VIR_DOMAIN_SECRET_INFO_TYPE_AES:
+    else
          virBufferEscape(buf, '\\', ":", ":id=%s:auth_supported=cephx\\;none",
-                        secinfo->s.aes.username);
-        break;
-
-    case VIR_DOMAIN_SECRET_INFO_TYPE_LAST:
-        return -1;
-    }
+                        secinfo->username);
  
      return 0;
  }
@@ -1264,8 +1255,8 @@ qemuBuildDriveSourceStr(virDomainDiskDef *disk,
  
          virQEMUBuildBufferEscapeComma(buf, source);
  
-        if (secinfo && secinfo->type == VIR_DOMAIN_SECRET_INFO_TYPE_AES)
-            virBufferAsprintf(buf, ",file.password-secret=%s", secinfo->s.aes.alias);
+        if (secinfo)
+            virBufferAsprintf(buf, ",file.password-secret=%s", secinfo->alias);
  
          if (disk->src->debug)
              virBufferAsprintf(buf, ",file.debug=%d", disk->src->debugLevel);
@@ -1282,12 +1273,12 @@ qemuBuildDriveSourceStr(virDomainDiskDef *disk,
  
      if (encinfo) {
          if (disk->src->format == VIR_STORAGE_FILE_RAW) {
-            virBufferAsprintf(buf, "key-secret=%s,", encinfo->s.aes.alias);
+            virBufferAsprintf(buf, "key-secret=%s,", encinfo->alias);
              rawluks = true;
          } else if (disk->src->format == VIR_STORAGE_FILE_QCOW2 &&
                     disk->src->encryption->format == VIR_STORAGE_ENCRYPTION_FORMAT_LUKS) {
              virBufferAddLit(buf, "encrypt.format=luks,");
-            virBufferAsprintf(buf, "encrypt.key-secret=%s,", encinfo->s.aes.alias);
+            virBufferAsprintf(buf, "encrypt.key-secret=%s,", encinfo->alias);
          }
      }
  
@@ -4886,7 +4877,7 @@ qemuBuildChrChardevStr(virLogManager *logManager,
                                                       qemuCaps) < 0)
                      return NULL;
  
-                tlsCertEncSecAlias = chrSourcePriv->secinfo->s.aes.alias;
+                tlsCertEncSecAlias = chrSourcePriv->secinfo->alias;
              }
  
              if (!(objalias = qemuAliasTLSObjFromSrcAlias(charAlias)))
@@ -5046,9 +5037,8 @@ qemuBuildHostdevSCSIDetachPrepare(virDomainHostdevDef *hostdev,
          ret->storageNodeName = src->nodestorage;
          ret->storageAttached = true;
  
-        if (srcpriv && srcpriv->secinfo &&
-            srcpriv->secinfo->type == VIR_DOMAIN_SECRET_INFO_TYPE_AES)
-            ret->authsecretAlias = g_strdup(srcpriv->secinfo->s.aes.alias);
+        if (srcpriv && srcpriv->secinfo)
+            ret->authsecretAlias = g_strdup(srcpriv->secinfo->alias);
  
      } else {
          ret->driveAlias = qemuAliasFromHostdev(hostdev);
@@ -8012,7 +8002,7 @@ qemuBuildGraphicsVNCCommandLine(virQEMUDriverConfig *cfg,
                                                       gfxPriv->secinfo,
                                                       qemuCaps) < 0)
                      return -1;
-                secretAlias = gfxPriv->secinfo->s.aes.alias;
+                secretAlias = gfxPriv->secinfo->alias;
              }
  
              if (qemuBuildTLSx509CommandLine(cmd,
@@ -10898,7 +10888,6 @@ qemuBuildStorageSourceAttachPrepareCommon(virStorageSource *src,
  
      if (srcpriv) {
          if (srcpriv->secinfo &&
-            srcpriv->secinfo->type == VIR_DOMAIN_SECRET_INFO_TYPE_AES &&
              qemuBuildSecretInfoProps(srcpriv->secinfo, &data->authsecretProps) < 0)
              return -1;
  
@@ -10914,7 +10903,7 @@ qemuBuildStorageSourceAttachPrepareCommon(virStorageSource *src,
              if (qemuBuildSecretInfoProps(srcpriv->tlsKeySecret, &data->tlsKeySecretProps) < 0)
                  return -1;
  
-            tlsKeySecretAlias = srcpriv->tlsKeySecret->s.aes.alias;
+            tlsKeySecretAlias = srcpriv->tlsKeySecret->alias;
          }
      }
  
diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c

index e9c1f3eacb0750edc240849602da03179c836d6c..befe6bd476023bd04314c576095935c99e359d43 100644 (file)
--- a/src/qemu/qemu_domain.c
+++ b/src/qemu/qemu_domain.c
@@ -657,19 +657,6 @@ qemuDomainMasterKeyCreate(virDomainObj *vm)
  }
  
  
-static void
-qemuDomainSecretAESClear(struct _qemuDomainSecretAES *secret,
-                         bool keepAlias)
-{
-    if (!keepAlias)
-        VIR_FREE(secret->alias);
-
-    VIR_FREE(secret->username);
-    VIR_FREE(secret->iv);
-    VIR_FREE(secret->ciphertext);
-}
-
-
  static void
  qemuDomainSecretInfoClear(qemuDomainSecretInfo *secinfo,
                            bool keepAlias)
@@ -677,14 +664,12 @@ qemuDomainSecretInfoClear(qemuDomainSecretInfo *secinfo,
      if (!secinfo)
          return;
  
-    switch ((qemuDomainSecretInfoType) secinfo->type) {
-    case VIR_DOMAIN_SECRET_INFO_TYPE_AES:
-        qemuDomainSecretAESClear(&secinfo->s.aes, keepAlias);
-        break;
+    if (!keepAlias)
+        VIR_FREE(secinfo->alias);
  
-    case VIR_DOMAIN_SECRET_INFO_TYPE_LAST:
-        break;
-    }
+    VIR_FREE(secinfo->username);
+    VIR_FREE(secinfo->iv);
+    VIR_FREE(secinfo->ciphertext);
  }
  
  
@@ -1106,9 +1091,8 @@ qemuDomainSecretAESSetup(qemuDomainObjPrivate *priv,
  
      secinfo = g_new0(qemuDomainSecretInfo, 1);
  
-    secinfo->type = VIR_DOMAIN_SECRET_INFO_TYPE_AES;
-    secinfo->s.aes.alias = g_strdup(alias);
-    secinfo->s.aes.username = g_strdup(username);
+    secinfo->alias = g_strdup(alias);
+    secinfo->username = g_strdup(username);
  
      raw_iv = g_new0(uint8_t, ivlen);
  
@@ -1117,7 +1101,7 @@ qemuDomainSecretAESSetup(qemuDomainObjPrivate *priv,
          return NULL;
  
      /* Encode the IV and save that since qemu will need it */
-    secinfo->s.aes.iv = g_base64_encode(raw_iv, ivlen);
+    secinfo->iv = g_base64_encode(raw_iv, ivlen);
  
      if (virCryptoEncryptData(VIR_CRYPTO_CIPHER_AES256CBC,
                               priv->masterKey, QEMU_DOMAIN_MASTER_KEY_LEN,
@@ -1126,8 +1110,7 @@ qemuDomainSecretAESSetup(qemuDomainObjPrivate *priv,
          return NULL;
  
      /* Now encode the ciphertext and store to be passed to qemu */
-    secinfo->s.aes.ciphertext = g_base64_encode(ciphertext,
-                                                ciphertextlen);
+    secinfo->ciphertext = g_base64_encode(ciphertext, ciphertextlen);
  
      return g_steal_pointer(&secinfo);
  }
@@ -1809,11 +1792,9 @@ qemuStorageSourcePrivateDataAssignSecinfo(qemuDomainSecretInfo **secinfo,
  
      if (!*secinfo) {
          *secinfo = g_new0(qemuDomainSecretInfo, 1);
-        (*secinfo)->type = VIR_DOMAIN_SECRET_INFO_TYPE_AES;
      }
  
-    if ((*secinfo)->type == VIR_DOMAIN_SECRET_INFO_TYPE_AES)
-        (*secinfo)->s.aes.alias = g_steal_pointer(&*alias);
+    (*secinfo)->alias = g_steal_pointer(&*alias);
  
      return 0;
  }
@@ -1881,13 +1862,11 @@ qemuStorageSourcePrivateDataFormatSecinfo(virBuffer *buf,
                                            qemuDomainSecretInfo *secinfo,
                                            const char *type)
  {
-    if (!secinfo ||
-        secinfo->type != VIR_DOMAIN_SECRET_INFO_TYPE_AES ||
-        !secinfo->s.aes.alias)
+    if (!secinfo || !secinfo->alias)
          return;
  
      virBufferAsprintf(buf, "<secret type='%s' alias='%s'/>\n",
-                      type, secinfo->s.aes.alias);
+                      type, secinfo->alias);
  }
  
  
diff --git a/src/qemu/qemu_domain.h b/src/qemu/qemu_domain.h

index cb5c665766d135bb11915bd5002fa4c0fbeb7141..f8004efbb16c1f0cd9509f4d0022fdfe59097560 100644 (file)
--- a/src/qemu/qemu_domain.h
+++ b/src/qemu/qemu_domain.h
@@ -90,31 +90,17 @@ struct _qemuDomainUnpluggingDevice {
  #define QEMU_DEVICE_MAPPER_CONTROL_PATH "/dev/mapper/control"
  
  
-/* Type of domain secret */
-typedef enum {
-    VIR_DOMAIN_SECRET_INFO_TYPE_AES,  /* utilize GNUTLS_CIPHER_AES_256_CBC */
-
-    VIR_DOMAIN_SECRET_INFO_TYPE_LAST
-} qemuDomainSecretInfoType;
-
  #define QEMU_DOMAIN_AES_IV_LEN 16   /* 16 bytes for 128 bit random */
                                      /*    initialization vector */
-typedef struct _qemuDomainSecretAES qemuDomainSecretAES;
-struct _qemuDomainSecretAES {
+
+typedef struct _qemuDomainSecretInfo qemuDomainSecretInfo;
+struct _qemuDomainSecretInfo {
      char *username;
      char *alias;      /* generated alias for secret */
      char *iv;         /* base64 encoded initialization vector */
      char *ciphertext; /* encoded/encrypted secret */
  };
  
-typedef struct _qemuDomainSecretInfo qemuDomainSecretInfo;
-struct _qemuDomainSecretInfo {
-    qemuDomainSecretInfoType type;
-    union {
-        qemuDomainSecretAES aes;
-    } s;
-};
-
  typedef struct _qemuDomainObjPrivate qemuDomainObjPrivate;
  struct _qemuDomainObjPrivate {
      virQEMUDriver *driver;
diff --git a/src/qemu/qemu_hotplug.c b/src/qemu/qemu_hotplug.c

index 9c16ab456755df6d3c8344f4b0d505b6f664488b..9b0dcf262991d1a849cecabaa3d6f288e4b2ae64 100644 (file)
--- a/src/qemu/qemu_hotplug.c
+++ b/src/qemu/qemu_hotplug.c
@@ -1846,7 +1846,7 @@ qemuDomainGetTLSObjects(virQEMUCaps *qemuCaps,
          if (qemuBuildSecretInfoProps(secinfo, secProps) < 0)
              return -1;
  
-        secAlias = secinfo->s.aes.alias;
+        secAlias = secinfo->alias;
      }
  
      if (qemuBuildTLSx509BackendProps(tlsCertdir, tlsListen, tlsVerify,
@@ -1890,7 +1890,7 @@ qemuDomainAddChardevTLSObjects(virQEMUDriver *driver,
          secinfo = chrSourcePriv->secinfo;
  
      if (secinfo)
-        *secAlias = secinfo->s.aes.alias;
+        *secAlias = secinfo->alias;
  
      if (!(*tlsAlias = qemuAliasTLSObjFromSrcAlias(charAlias)))
          goto cleanup;
diff --git a/src/qemu/qemu_migration_params.c b/src/qemu/qemu_migration_params.c

index 018e62cf6eff99de28c9c59d8d24205bc32ad965..88dba3b99964b7f073755d2fb376eca756d57e93 100644 (file)
--- a/src/qemu/qemu_migration_params.c
+++ b/src/qemu/qemu_migration_params.c
@@ -955,7 +955,7 @@ qemuMigrationParamsEnableTLS(virQEMUDriver *driver,
                qemuDomainSecretInfoTLSNew(priv, QEMU_MIGRATION_TLS_ALIAS_BASE,
                                           cfg->migrateTLSx509secretUUID)))
              return -1;
-        secAlias = priv->migSecinfo->s.aes.alias;
+        secAlias = priv->migSecinfo->alias;
      }
  
      if (!(*tlsAlias = qemuAliasTLSObjFromSrcAlias(QEMU_MIGRATION_TLS_ALIAS_BASE)))
diff --git a/tests/qemublocktest.c b/tests/qemublocktest.c

index 4af8862c5b85e48c19572c1e89a3d00b953a5084..3e61e923a9897f423b4f4fcad4771aae42e625bd 100644 (file)
--- a/tests/qemublocktest.c
+++ b/tests/qemublocktest.c
@@ -235,19 +235,16 @@ testQemuDiskXMLToJSONFakeSecrets(virStorageSource *src)
      if (src->auth) {
          srcpriv->secinfo = g_new0(qemuDomainSecretInfo, 1);
  
-        srcpriv->secinfo->type = VIR_DOMAIN_SECRET_INFO_TYPE_AES;
-        srcpriv->secinfo->s.aes.username = g_strdup(src->auth->username);
-
-        srcpriv->secinfo->s.aes.alias = g_strdup_printf("%s-secalias",
-                                                        NULLSTR(src->nodestorage));
+        srcpriv->secinfo->username = g_strdup(src->auth->username);
+        srcpriv->secinfo->alias = g_strdup_printf("%s-secalias",
+                                                  NULLSTR(src->nodestorage));
      }
  
      if (src->encryption) {
          srcpriv->encinfo = g_new0(qemuDomainSecretInfo, 1);
  
-        srcpriv->encinfo->type = VIR_DOMAIN_SECRET_INFO_TYPE_AES;
-        srcpriv->encinfo->s.aes.alias = g_strdup_printf("%s-encalias",
-                                                        NULLSTR(src->nodeformat));
+        srcpriv->encinfo->alias = g_strdup_printf("%s-encalias",
+                                                  NULLSTR(src->nodeformat));
      }
  
      return 0;
author	Peter Krempa <pkrempa@redhat.com>
	Wed, 22 Sep 2021 07:34:31 +0000 (09:34 +0200)
committer	Peter Krempa <pkrempa@redhat.com>
	Wed, 22 Sep 2021 12:53:56 +0000 (14:53 +0200)
src/qemu/qemu_backup.c		patch \| blob \| blame \| history
src/qemu/qemu_block.c		patch \| blob \| blame \| history
src/qemu/qemu_command.c		patch \| blob \| blame \| history
src/qemu/qemu_domain.c		patch \| blob \| blame \| history
src/qemu/qemu_domain.h		patch \| blob \| blame \| history
src/qemu/qemu_hotplug.c		patch \| blob \| blame \| history
src/qemu/qemu_migration_params.c		patch \| blob \| blame \| history
tests/qemublocktest.c		patch \| blob \| blame \| history