• D
    crypto: add QCryptoSecret object class for password/key handling · ac1d8878
    Daniel P. Berrange 提交于
    Introduce a new QCryptoSecret object class which will be used
    for providing passwords and keys to other objects which need
    sensitive credentials.
    
    The new object can provide secret values directly as properties,
    or indirectly via a file. The latter includes support for file
    descriptor passing syntax on UNIX platforms. Ordinarily passing
    secret values directly as properties is insecure, since they
    are visible in process listings, or in log files showing the
    CLI args / QMP commands. It is possible to use AES-256-CBC to
    encrypt the secret values though, in which case all that is
    visible is the ciphertext.  For ad hoc developer testing though,
    it is fine to provide the secrets directly without encryption
    so this is not explicitly forbidden.
    
    The anticipated scenario is that libvirtd will create a random
    master key per QEMU instance (eg /var/run/libvirt/qemu/$VMNAME.key)
    and will use that key to encrypt all passwords it provides to
    QEMU via '-object secret,....'.  This avoids the need for libvirt
    (or other mgmt apps) to worry about file descriptor passing.
    
    It also makes life easier for people who are scripting the
    management of QEMU, for whom FD passing is significantly more
    complex.
    
    Providing data inline (insecure, only for ad hoc dev testing)
    
      $QEMU -object secret,id=sec0,data=letmein
    
    Providing data indirectly in raw format
    
      printf "letmein" > mypasswd.txt
      $QEMU -object secret,id=sec0,file=mypasswd.txt
    
    Providing data indirectly in base64 format
    
      $QEMU -object secret,id=sec0,file=mykey.b64,format=base64
    
    Providing data with encryption
    
      $QEMU -object secret,id=master0,file=mykey.b64,format=base64 \
            -object secret,id=sec0,data=[base64 ciphertext],\
    	           keyid=master0,iv=[base64 IV],format=base64
    
    Note that 'format' here refers to the format of the ciphertext
    data. The decrypted data must always be in raw byte format.
    
    More examples are shown in the updated docs.
    Reviewed-by: NEric Blake <eblake@redhat.com>
    Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>
    ac1d8878
Makefile.objs 341 字节