This small series contains the basic patches for adding a secrets object previously posted:

  WIP: https://lists.gnu.org/archive/html/qemu-devel/2015-11/msg04748.html
   v2: https://lists.gnu.org/archive/html/qemu-devel/2015-11/msg05297.html
   v3: https://lists.gnu.org/archive/html/qemu-devel/2015-11/msg06184.html

The QCryptoSecret object provides a QOM object that allows passing
secrets (passwords, encryption keys, etc) to QEMU in a secure manner,
via an external file, or on the CLI or monitor with encryption. It also
uses this to allow use of encrypted x509 keys with the TLS handling code.

Changed in v4:

 - Changed base64 "bad data" tests to be clearer about what they
   are testing (Eric)
 - Change comment about @errp variable in qbase64_decode (Eric)
 - Document need to g_free result of qbase64_decode (Eric)
 - Remove dead code NULL terminating result of g_file_get_contents (Eric)
 - Replace g_new+memcpy with g_strdup (Eric)
 - Allow zero-length file for secrets (Eric)

Changed in v3:

 - s/adhoc/ad hoc/ (Eric)
 - Fix mistake in unit test sample data (Eric)
 - Permit inclusion of newline in base64 and test it (Eric)
 - Switch to g_file_get_contents() instead of hand written
   equivalent (Eric)
 - Add missing conversion to qbase64_decode (Eric)

Changed in v2:

 - Fix version tag in QAPI schema to be 2.6 (Eric)
 - Changed "echo -n" to "printf" (Eric)
 - Misc typo fixes (Eric)
 - Added a generic qbase64_decode() wrapper around
   g_base64_decode() that does error checking (Markus)
 - Convert callers of g_base64_decode() to qbase64_decode()
   to get error checking (Markus)

Daniel P. Berrange (5):
  util: add base64 decoding function
  qemu-char: convert to use error checked base64 decode
  qga: convert to use error checked base64 decode
  crypto: add QCryptoSecret object class for password/key handling
  crypto: add support for loading encrypted x509 keys

 crypto/Makefile.objs          |   1 +
 crypto/secret.c               | 513 ++++++++++++++++++++++++++++++++++++++++++
 crypto/tlscredsx509.c         |  48 ++++
 include/crypto/secret.h       | 148 ++++++++++++
 include/crypto/tlscredsx509.h |   1 +
 include/qemu/base64.h         |  58 +++++
 qapi-schema.json              |   2 -
 qapi/crypto.json              |  14 ++
 qemu-char.c                   |   8 +-
 qemu-options.hx               |  85 ++++++-
 qga/commands-posix.c          |  11 +-
 qga/commands-win32.c          |  11 +-
 qga/commands.c                |  13 +-
 qmp-commands.hx               |   2 -
 tests/.gitignore              |   2 +
 tests/Makefile                |   5 +
 tests/test-base64.c           | 109 +++++++++
 tests/test-crypto-secret.c    | 452 +++++++++++++++++++++++++++++++++++++
 util/Makefile.objs            |   1 +
 util/base64.c                 |  60 +++++
 20 files changed, 1533 insertions(+), 11 deletions(-)
 create mode 100644 crypto/secret.c
 create mode 100644 include/crypto/secret.h
 create mode 100644 include/qemu/base64.h
 create mode 100644 tests/test-base64.c
 create mode 100644 tests/test-crypto-secret.c
 create mode 100644 util/base64.c

-- 
2.5.0