Re: [libvirt] [PATCH 14/19] conf: Add new secret type "key"
On 06/21/2016 08:08 AM, Peter Krempa wrote: > On Mon, Jun 13, 2016 at 20:27:53 -0400, John Ferlan wrote: >> Add a new secret type known as "key" - it will handle adding the secret >> objects that need a key (or passphrase), such as will soon be the case > > This may be misleading a "key" is not equal to a "passprhase" in usual > encryption terminology. Key usually refers to the actual encryption key > used to encrypt the data whereas passprhase is usually a human readable > secret string (which may not be random at all) used to access the key > later. > > The cryptsetup man page tends to treat them interchangably to some > extent (eg a key slot equals to passprhase, but the master key refers to > the actual encryption key used for the data). > > To avoid confusion I'd rather stick with "passphrase". > >> for a luks volume for both storage driver create and libvirt domain usage. >> >> Signed-off-by: John Ferlan >> --- Perhaps a rephrasing... Instead of: ... Text ... The preference is: ... Text ... Where, I'm struggling what to call "XXX". It's not a ... uses uses uses So given that, does the following work? Text In the long run "Text" is what's used by the in order to match/find the secret. Currently the domain secrets have: ... ... ... where "usage='string'" essentially the contents of "Text" NB: There are patches to allow usage for So, for LUKS we would then have ... The YYY could be 'passphrase', right? Furthermore "the future" would "reuse" this type - so I'm trying to make it generic as possible. John -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCH 14/19] conf: Add new secret type "key"
On 06/21/2016 08:08 AM, Peter Krempa wrote: > On Mon, Jun 13, 2016 at 20:27:53 -0400, John Ferlan wrote: >> Add a new secret type known as "key" - it will handle adding the secret >> objects that need a key (or passphrase), such as will soon be the case > > This may be misleading a "key" is not equal to a "passprhase" in usual > encryption terminology. Key usually refers to the actual encryption key > used to encrypt the data whereas passprhase is usually a human readable > secret string (which may not be random at all) used to access the key > later. > > The cryptsetup man page tends to treat them interchangably to some > extent (eg a key slot equals to passprhase, but the master key refers to > the actual encryption key used for the data). > > To avoid confusion I'd rather stick with "passphrase". > >> for a luks volume for both storage driver create and libvirt domain usage. >> >> Signed-off-by: John Ferlan >> --- While replying to review comments from 6/19, I realized another reason I went with "key" over "passphrase". Consider the existing/old qcow encryption format (http://libvirt.org/formatsecret.html) The XML looks like: Super secret name of my first puppy 0a81f5b2-8403-7b23-c8d6-21ccc2f80d6f /var/lib/libvirt/images/puppyname.img while the XML has: or once patch 11 hits: where 'usage' matches 'volume' Using something other than passphrase allowed me to distinguish between that 'old' format and this new style... Using "passphrase" will then have format of: / And a format of Sample 0a81f5b2-8403-7b23-c8d6-21ccc2f80d6f somestring where "somestring" is just a 'usage' string and not the actual passphrase which would be set by the 'secret-set-value' command. I could have the XML use something different than passphrase, but key just seemed to be the most reasonable beyond passphrase. Unless you have a different suggestion for a better name. John Hopefully this was clear... -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCH 14/19] conf: Add new secret type "key"
On 06/21/2016 08:08 AM, Peter Krempa wrote: > On Mon, Jun 13, 2016 at 20:27:53 -0400, John Ferlan wrote: >> Add a new secret type known as "key" - it will handle adding the secret >> objects that need a key (or passphrase), such as will soon be the case > > This may be misleading a "key" is not equal to a "passprhase" in usual > encryption terminology. Key usually refers to the actual encryption key > used to encrypt the data whereas passprhase is usually a human readable > secret string (which may not be random at all) used to access the key > later. > > The cryptsetup man page tends to treat them interchangably to some > extent (eg a key slot equals to passprhase, but the master key refers to > the actual encryption key used for the data). > > To avoid confusion I'd rather stick with "passphrase". > That was my other choice... 'key' was just shorter and easier to type. I'll make that adjustment, so it'll be: f52a81b2-424e-490c-823d-6bd4235bc572 Sample Passphrase Secret mumblyfratz John >> for a luks volume for both storage driver create and libvirt domain usage. >> >> Signed-off-by: John Ferlan >> --- -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCH 14/19] conf: Add new secret type "key"
On Mon, Jun 13, 2016 at 20:27:53 -0400, John Ferlan wrote: > Add a new secret type known as "key" - it will handle adding the secret > objects that need a key (or passphrase), such as will soon be the case This may be misleading a "key" is not equal to a "passprhase" in usual encryption terminology. Key usually refers to the actual encryption key used to encrypt the data whereas passprhase is usually a human readable secret string (which may not be random at all) used to access the key later. The cryptsetup man page tends to treat them interchangably to some extent (eg a key slot equals to passprhase, but the master key refers to the actual encryption key used for the data). To avoid confusion I'd rather stick with "passphrase". > for a luks volume for both storage driver create and libvirt domain usage. > > Signed-off-by: John Ferlan > --- -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
[libvirt] [PATCH 14/19] conf: Add new secret type "key"
Add a new secret type known as "key" - it will handle adding the secret objects that need a key (or passphrase), such as will soon be the case for a luks volume for both storage driver create and libvirt domain usage. Signed-off-by: John Ferlan --- docs/aclpolkit.html.in | 4 +++ docs/formatsecret.html.in | 57 +++-- docs/schemas/secret.rng | 10 +++ include/libvirt/libvirt-secret.h| 3 +- src/access/viraccessdriverpolkit.c | 13 + src/conf/secret_conf.c | 26 - src/conf/secret_conf.h | 1 + src/conf/virsecretobj.c | 5 tests/secretxml2xmlin/usage-key.xml | 7 + tests/secretxml2xmltest.c | 1 + 10 files changed, 123 insertions(+), 4 deletions(-) create mode 100644 tests/secretxml2xmlin/usage-key.xml diff --git a/docs/aclpolkit.html.in b/docs/aclpolkit.html.in index dae0814..6b7a237 100644 --- a/docs/aclpolkit.html.in +++ b/docs/aclpolkit.html.in @@ -224,6 +224,10 @@ secret_usage_target Name of the associated iSCSI target, if any + + secret_usage_luks + Name of the associated luks volume, if any + diff --git a/docs/formatsecret.html.in b/docs/formatsecret.html.in index 599cb38..3bb810a 100644 --- a/docs/formatsecret.html.in +++ b/docs/formatsecret.html.in @@ -41,8 +41,9 @@ Specifies what this secret is used for. A mandatory type attribute specifies the usage category, currently -only volume, ceph and iscsi -are defined. Specific usage categories are described below. +only volume, ceph, iscsi, +and key are defined. Specific usage categories +are described below. @@ -241,5 +242,57 @@+ +Usage type "key" + + + This secret is a general purpose secret to be used by various libvirt + objects to provide a single key (or passphrase) as required by the + object in order to perform its authentication. + Since 1.3.6. The following is an example + of a key-secret.xml file: + + + + # cat key-secret.xml + + + + # virsh secret-define key-secret.xml + Secret 718c71bd-67b5-4a2b-87ec-a24e8ca200dc created + + # virsh secret-list + UUID Usage + --- + 718c71bd-67b5-4a2b-87ec-a24e8ca200dc key key_example + # + + + + + A secret may also be defined via the + + virSecretDefineXML API. + + Once the secret is defined, a secret value will need to be set. This + value would be the same used to create and use the volume. + The following is a simple example of using + virsh secret-set-value to set the secret value. The + + virSecretSetValue API may also be used to set + a more secure secret without using printable/readable characters. + + + + # MYSECRET=`printf %s "letmein" | base64` + # virsh secret-set-value 718c71bd-67b5-4a2b-87ec-a24e8ca200dc $MYSECRET + Secret value set + + + diff --git a/docs/schemas/secret.rng b/docs/schemas/secret.rng index e21e700..3d131eb 100644 --- a/docs/schemas/secret.rng +++ b/docs/schemas/secret.rng @@ -36,6 +36,7 @@ + @@ -71,4 +72,13 @@ + + + key + + + + + + diff --git a/include/libvirt/libvirt-secret.h b/include/libvirt/libvirt-secret.h index 3e5cdf6..fadf811 100644 --- a/include/libvirt/libvirt-secret.h +++ b/include/libvirt/libvirt-secret.h @@ -4,7 +4,7 @@ * Description: Provides APIs for the management of secrets * Author: Daniel Veillard * - * Copyright (C) 2006-2014 Red Hat, Inc. + * Copyright (C) 2006-2014, 2016 Red Hat, Inc. * * This library is free software; you can redistribute it and/or * modify it under the terms of the GNU Lesser General Public @@ -43,6 +43,7 @@ typedef enum { VIR_SECRET_USAGE_TYPE_VOLUME = 1, VIR_SECRET_USAGE_TYPE_CEPH = 2, VIR_SECRET_USAGE_TYPE_ISCSI = 3, +VIR_SECRET_USAGE_TYPE_KEY = 4, # ifdef VIR_ENUM_SENTINELS VIR_SECRET_USAGE_TYPE_LAST diff --git a/src/access/viraccessdriverpolkit.c b/src/access/viraccessdriverpolkit.c index 89bc890..97419df 100644 --- a/src/access/viraccessdriverpolkit.c +++ b/src/access/viraccessdriverpolkit.c @@ -338,6 +338,19 @@ virAccessDriverPolkitCheckSecret(virAccessManagerPtr manager, virAccessPermSecretTypeToString(perm), attrs);sample key secret ++ +key_example +