On Wed, Feb 05, 2020 at 10:30:11AM +0100, Kevin Wolf wrote:
> On 05.02.2020 at 09:24, Markus Armbruster wrote:
> > Daniel, Kevin, any comments or objections to the QAPI schema design
> > sketch developed below?
> >
> > For your convenience, here's the result again:
> >
> >     { 'enum': 'LUKSKeyslotState',
> >       'data': [ 'active', 'inactive' ] }
> >     { 'struct': 'LUKSKeyslotActive',
> >       'data': { 'secret': 'str',
> >                 '*iter-time': 'int' } }
> >     { 'union': 'LUKSKeyslotAmend',
> >       'base': { '*keyslot': 'int',
> >                 'state': 'LUKSKeyslotState' },
> >       'discriminator': 'state',
> >       'data': { 'active': 'LUKSKeyslotActive' } }

We need 'secret' in the 'inactive' case too

>
> I think one of the requirements was that you can specify the keyslot not
> only by using its number, but also by specifying the old secret. Trivial
> extension, you just get another optional field that can be specified
> instead of 'keyslot'.
>
> Resulting commands:
>
> Adding a key:
> qemu-img amend -o encrypt.keys.0.state=active,encrypt.keys.0.secret=sec0
> test.qcow2
>
> Deleting a key:
> qemu-img amend -o encrypt.keys.0.state=inactive,encrypt.keys.0.keyslot=2
> test.qcow2

I think this is good as a design.

Expanding the examples to cover all scenarios we've discussed

 - Activating a new keyslot, auto-picking slot

     qemu-img amend -o encrypt.keys.0.state=active,\
                       encrypt.keys.0.secret=sec0 \
                    test.qcow2

   Must raise an error if no free slots

 - Activating a new keyslot, picking a specific slot

     qemu-img amend -o encrypt.keys.0.state=active,\
                       encrypt.keys.0.secret=sec0,\
                       encrypt.keys.0.keyslot=3 \
                    test.qcow2

   Must raise an error if slot is already active

 - Deactivating an old keyslot, auto-picking slot(s) from existing password

     qemu-img amend -o encrypt.keys.0.state=inactive,\
                       encrypt.keys.0.secret=sec0 \
                    test.qcow2

   Must raise an error if this would leave zero keyslots after processing.

 - Deactivating an old keyslot, picking a specific slot

     qemu-img amend -o encrypt.keys.0.state=inactive,\
                       encrypt.keys.0.keyslot=2 \
                    test.qcow2

   Always succeeds even if zero keyslots left.

Regards,
Daniel
-- 
|: https://berrange.com      -o-    https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org         -o-            https://fstop138.berrange.com :|
|: https://entangle-photo.org    -o-    https://www.instagram.com/dberrange :|
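
The four scenarios listed in the mail above, written out as a small Python model (an added example, not part of the original thread and not QEMU code). The names `amend` and `AmendError` are hypothetical, and the model assumes that a slot "matches" a secret by plain string equality, that the first free slot is the one auto-picked, and that an out-of-range slot number is an error.

```python
class AmendError(Exception):
    """Raised where the mail says the operation 'must raise an error'."""


def amend(slots, state, secret=None, keyslot=None):
    """Apply one keyslot request to `slots` (a list; None means inactive).

    Returns the indexes of the slots that were changed. Toy model only:
    real LUKS tries to unlock each slot with the passphrase, whereas here
    a slot simply stores the secret's name (assumption).
    """
    if keyslot is not None and not 0 <= keyslot < len(slots):
        raise AmendError(f"keyslot {keyslot} out of range")  # assumption
    if state == "active":
        if secret is None:
            raise AmendError("'secret' is required to activate a keyslot")
        if keyslot is None:
            # Auto-pick: first free slot (assumption); error if none is free.
            free = [i for i, s in enumerate(slots) if s is None]
            if not free:
                raise AmendError("no free keyslots")
            keyslot = free[0]
        elif slots[keyslot] is not None:
            raise AmendError(f"keyslot {keyslot} is already active")
        slots[keyslot] = secret
        return [keyslot]
    if state == "inactive":
        if keyslot is not None:
            # Explicit slot number: always succeeds, even if nothing is left.
            slots[keyslot] = None
            return [keyslot]
        if secret is None:
            raise AmendError("need 'keyslot' or 'secret' to deactivate")
        # Selected by old secret: refuse if no active keyslot would remain.
        hits = [i for i, s in enumerate(slots) if s == secret]
        remaining = sum(s is not None for s in slots) - len(hits)
        if remaining == 0:
            raise AmendError("this would leave zero keyslots")
        for i in hits:
            slots[i] = None
        return hits
    raise AmendError(f"unknown state {state!r}")
```

The asymmetry is the point to check in any implementation: erasing by secret is guarded against locking the image, while erasing by slot number is the deliberate way to remove the last key.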