
[Qemu-commits] [qemu/qemu] 89bc0b: util: add base64 decoding function


From: GitHub
Subject: [Qemu-commits] [qemu/qemu] 89bc0b: util: add base64 decoding function
Date: Fri, 18 Dec 2015 10:00:03 -0800

  Branch: refs/heads/master
  Home:   https://github.com/qemu/qemu
  Commit: 89bc0b6cae6e40e9247bf911162b0aee0c818c4c
      
https://github.com/qemu/qemu/commit/89bc0b6cae6e40e9247bf911162b0aee0c818c4c
  Author: Daniel P. Berrange <address@hidden>
  Date:   2015-12-18 (Fri, 18 Dec 2015)

  Changed paths:
    A include/qemu/base64.h
    M tests/.gitignore
    M tests/Makefile
    A tests/test-base64.c
    M util/Makefile.objs
    A util/base64.c

  Log Message:
  -----------
  util: add base64 decoding function

The standard glib provided g_base64_decode doesn't provide any
kind of sensible error checking on its input. Add a QEMU custom
wrapper qbase64_decode which can be used with untrustworthy
input that can contain invalid base64 characters, embedded
NUL characters, or not be NUL terminated at all.

Reviewed-by: Eric Blake <address@hidden>
Signed-off-by: Daniel P. Berrange <address@hidden>


  Commit: e9cf2fe07ff70e939f80c624b44c10a4442eef0b
      
https://github.com/qemu/qemu/commit/e9cf2fe07ff70e939f80c624b44c10a4442eef0b
  Author: Daniel P. Berrange <address@hidden>
  Date:   2015-12-18 (Fri, 18 Dec 2015)

  Changed paths:
    M qapi-schema.json
    M qemu-char.c
    M qmp-commands.hx

  Log Message:
  -----------
  qemu-char: convert to use error checked base64 decode

Switch from using g_base64_decode over to qbase64_decode
in order to get error checking of the base64 input data.

Reviewed-by: Eric Blake <address@hidden>
Signed-off-by: Daniel P. Berrange <address@hidden>


  Commit: 920639cab0fe28d003c90b53bd8b66e8fb333bdd
      
https://github.com/qemu/qemu/commit/920639cab0fe28d003c90b53bd8b66e8fb333bdd
  Author: Daniel P. Berrange <address@hidden>
  Date:   2015-12-18 (Fri, 18 Dec 2015)

  Changed paths:
    M qga/commands-posix.c
    M qga/commands-win32.c
    M qga/commands.c

  Log Message:
  -----------
  qga: convert to use error checked base64 decode

Switch from using g_base64_decode over to qbase64_decode
in order to get error checking of the base64 input data.

Reviewed-by: Eric Blake <address@hidden>
Signed-off-by: Daniel P. Berrange <address@hidden>


  Commit: ac1d88784907c9603b3849b2c3043259f75ed2a5
      
https://github.com/qemu/qemu/commit/ac1d88784907c9603b3849b2c3043259f75ed2a5
  Author: Daniel P. Berrange <address@hidden>
  Date:   2015-12-18 (Fri, 18 Dec 2015)

  Changed paths:
    M crypto/Makefile.objs
    A crypto/secret.c
    A include/crypto/secret.h
    M qapi/crypto.json
    M qemu-options.hx
    M tests/.gitignore
    M tests/Makefile
    A tests/test-crypto-secret.c

  Log Message:
  -----------
  crypto: add QCryptoSecret object class for password/key handling

Introduce a new QCryptoSecret object class which will be used
for providing passwords and keys to other objects which need
sensitive credentials.

The new object can provide secret values directly as properties,
or indirectly via a file. The latter includes support for file
descriptor passing syntax on UNIX platforms. Ordinarily passing
secret values directly as properties is insecure, since they
are visible in process listings, or in log files showing the
CLI args / QMP commands. It is possible to use AES-256-CBC to
encrypt the secret values though, in which case all that is
visible is the ciphertext.  For ad hoc developer testing though,
it is fine to provide the secrets directly without encryption
so this is not explicitly forbidden.

The anticipated scenario is that libvirtd will create a random
master key per QEMU instance (eg /var/run/libvirt/qemu/$VMNAME.key)
and will use that key to encrypt all passwords it provides to
QEMU via '-object secret,....'.  This avoids the need for libvirt
(or other mgmt apps) to worry about file descriptor passing.

It also makes life easier for people who are scripting the
management of QEMU, for whom FD passing is significantly more
complex.

Providing data inline (insecure, only for ad hoc dev testing)

  $QEMU -object secret,id=sec0,data=letmein

Providing data indirectly in raw format

  printf "letmein" > mypasswd.txt
  $QEMU -object secret,id=sec0,file=mypasswd.txt

Providing data indirectly in base64 format

  $QEMU -object secret,id=sec0,file=mykey.b64,format=base64

Providing data with encryption

  $QEMU -object secret,id=master0,file=mykey.b64,format=base64 \
  -object secret,id=sec0,data=[base64 ciphertext],\
      keyid=master0,iv=[base64 IV],format=base64

Note that 'format' here refers to the format of the ciphertext
data. The decrypted data must always be in raw byte format.

More examples are shown in the updated docs.

Reviewed-by: Eric Blake <address@hidden>
Signed-off-by: Daniel P. Berrange <address@hidden>


  Commit: 1d7b5b4afdcd76e24ec3678d5418b29d4ff06ad9
      
https://github.com/qemu/qemu/commit/1d7b5b4afdcd76e24ec3678d5418b29d4ff06ad9
  Author: Daniel P. Berrange <address@hidden>
  Date:   2015-12-18 (Fri, 18 Dec 2015)

  Changed paths:
    M crypto/tlscredsx509.c
    M include/crypto/tlscredsx509.h
    M qemu-options.hx

  Log Message:
  -----------
  crypto: add support for loading encrypted x509 keys

Make use of the QCryptoSecret object to support loading of
encrypted x509 keys. The optional 'passwordid' parameter
to the tls-creds-x509 object type, provides the ID of a
secret object instance that holds the decryption password
for the PEM file.

 # printf "123456" > mypasswd.txt
 # $QEMU \
    -object secret,id=sec0,file=mypasswd.txt \
    -object tls-creds-x509,passwordid=sec0,id=creds0,\
      dir=/home/berrange/.pki/qemu,endpoint=server \
    -vnc :1,tls-creds=creds0

This requires QEMU to be linked to GNUTLS >= 3.1.11. If
GNUTLS is too old an error will be reported if an attempt
is made to pass a decryption password.

Reviewed-by: Eric Blake <address@hidden>
Signed-off-by: Daniel P. Berrange <address@hidden>


  Commit: c688084506cf2cf2eba4ba9df4e91abb6e3dab83
      
https://github.com/qemu/qemu/commit/c688084506cf2cf2eba4ba9df4e91abb6e3dab83
  Author: Peter Maydell <address@hidden>
  Date:   2015-12-18 (Fri, 18 Dec 2015)

  Changed paths:
    M crypto/Makefile.objs
    A crypto/secret.c
    M crypto/tlscredsx509.c
    A include/crypto/secret.h
    M include/crypto/tlscredsx509.h
    A include/qemu/base64.h
    M qapi-schema.json
    M qapi/crypto.json
    M qemu-char.c
    M qemu-options.hx
    M qga/commands-posix.c
    M qga/commands-win32.c
    M qga/commands.c
    M qmp-commands.hx
    M tests/.gitignore
    M tests/Makefile
    A tests/test-base64.c
    A tests/test-crypto-secret.c
    M util/Makefile.objs
    A util/base64.c

  Log Message:
  -----------
  Merge remote-tracking branch 'remotes/berrange/tags/pull-qcrypto-secrets-base-2015-12-18-1' into staging

Merge QCryptoSecret object support

# gpg: Signature made Fri 18 Dec 2015 16:51:21 GMT using RSA key ID 15104FDF
# gpg: Good signature from "Daniel P. Berrange <address@hidden>"
# gpg:                 aka "Daniel P. Berrange <address@hidden>"

* remotes/berrange/tags/pull-qcrypto-secrets-base-2015-12-18-1:
  crypto: add support for loading encrypted x509 keys
  crypto: add QCryptoSecret object class for password/key handling
  qga: convert to use error checked base64 decode
  qemu-char: convert to use error checked base64 decode
  util: add base64 decoding function

Signed-off-by: Peter Maydell <address@hidden>


Compare: https://github.com/qemu/qemu/compare/de532ff1df75...c688084506cf
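
The log for commit 89bc0b names three hazards in untrusted base64 input: invalid characters, embedded NUL bytes, and buffers with no NUL terminator. The following is an added example, not QEMU's qbase64_decode and not code from this series, showing one way to reject all three by decoding a length-bounded buffer. The function name, error codes and canonical-padding check are assumptions made for this illustration.

```c
#include <stddef.h>
#include <string.h>

enum { B64_OK = 0, B64_ERR_LENGTH = -1, B64_ERR_CHAR = -2,
       B64_ERR_PADDING = -3, B64_ERR_SPACE = -4 };

/* 6-bit value of one character, or -1 if it is outside the standard
 * alphabet. NUL is never a member, so embedded NULs are rejected. */
static int b64_value(unsigned char c)
{
    static const char alphabet[] =
        "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
    const char *p = memchr(alphabet, c, 64); /* 64 excludes the terminator */
    return p ? (int)(p - alphabet) : -1;
}

/* Decode exactly in_len bytes; nothing past in_len is read, so the
 * input does not need a NUL terminator. Returns B64_OK or an error. */
int strict_b64_decode(const char *in, size_t in_len,
                      unsigned char *out, size_t out_cap, size_t *out_len)
{
    size_t pad = 0, n = 0;
    *out_len = 0;
    if (in_len == 0 || in_len % 4 != 0)
        return B64_ERR_LENGTH;
    if (in[in_len - 1] == '=')
        pad = (in[in_len - 2] == '=') ? 2 : 1;
    if (in_len / 4 * 3 - pad > out_cap)
        return B64_ERR_SPACE;
    for (size_t i = 0; i < in_len; i += 4) {
        unsigned long quad = 0;
        size_t take = (i + 4 == in_len) ? 4 - pad : 4; /* data chars */
        for (size_t j = 0; j < 4; j++) {
            int v = j < take ? b64_value((unsigned char)in[i + j]) : 0;
            if (v < 0)
                return B64_ERR_CHAR;
            quad = (quad << 6) | (unsigned long)v;
        }
        /* Bits hidden under the padding must be zero (canonical form). */
        if ((take == 3 && (quad & 0xFF)) || (take == 2 && (quad & 0xFFFF)))
            return B64_ERR_PADDING;
        for (size_t j = 0; j + 1 < take; j++)
            out[n++] = (unsigned char)(quad >> (16 - 8 * j));
    }
    *out_len = n;
    return B64_OK;
}
```

On any error the function leaves `*out_len` at 0, so a caller that ignores the return code still sees no usable output length.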
