docs/formatstorageencryption.rst | 8 +++++--- src/conf/domain_validate.c | 12 ------------ src/qemu/qemu_block.c | 10 +++++++--- 3 files changed, 12 insertions(+), 18 deletions(-)
qemu add sm4 in release 9, but the name of sm4 doesn't have the key
length suffix, So set size to 0, construct cipher name without
key length as suffix.
In order to support the snapshot of encrypted disks, it remove
the restrictions about cipher names in XML
Signed-off-by: luzhipeng <luzhipeng@cestc.cn>
---
docs/formatstorageencryption.rst | 8 +++++---
src/conf/domain_validate.c | 12 ------------
src/qemu/qemu_block.c | 10 +++++++---
3 files changed, 12 insertions(+), 18 deletions(-)
diff --git a/docs/formatstorageencryption.rst b/docs/formatstorageencryption.rst
index 066d285090..6cb8cf024c 100644
--- a/docs/formatstorageencryption.rst
+++ b/docs/formatstorageencryption.rst
@@ -75,11 +75,13 @@ initialization vector generation.
``name``
The name of the cipher algorithm used for data encryption, such as 'aes',
- 'des', 'cast5', 'serpent', 'twofish', etc. Support of the specific
+ 'des', 'cast5', 'serpent', 'twofish', 'sm4', etc. Support of the specific
algorithm is storage driver implementation dependent.
``size``
- The size of the cipher in bits, such as '256', '192', '128', etc. Support
- of the specific size for a specific cipher is hypervisor dependent.
+ The size of the cipher in bits, such as '256', '192', '128', '0', etc.
+ '0' indicates that the encryption algorithm name doesn't have key length
+ suffix. Support of the specific size for a specific cipher is hypervisor
+ dependent.
``mode``
An optional cipher algorithm mode such as 'cbc', 'xts', 'ecb', etc.
Support of the specific cipher mode is hypervisor dependent.
diff --git a/src/conf/domain_validate.c b/src/conf/domain_validate.c
index 39b8d67928..b70edcaaa0 100644
--- a/src/conf/domain_validate.c
+++ b/src/conf/domain_validate.c
@@ -529,18 +529,6 @@ virDomainDiskDefValidateSourceChainOne(const virStorageSource *src)
}
}
- if (src->encryption) {
- virStorageEncryption *encryption = src->encryption;
-
- if (encryption->format == VIR_STORAGE_ENCRYPTION_FORMAT_LUKS &&
- encryption->encinfo.cipher_name) {
-
- virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
- _("supplying <cipher> for domain disk definition is unnecessary"));
- return -1;
- }
- }
-
/* internal snapshots and config files are currently supported only with rbd: */
if (virStorageSourceGetActualType(src) != VIR_STORAGE_TYPE_NETWORK &&
src->protocol != VIR_STORAGE_NET_PROTOCOL_RBD) {
diff --git a/src/qemu/qemu_block.c b/src/qemu/qemu_block.c
index d6cdf521c4..ac55c077e9 100644
--- a/src/qemu/qemu_block.c
+++ b/src/qemu/qemu_block.c
@@ -2137,9 +2137,13 @@ qemuBlockStorageSourceCreateGetEncryptionLUKS(virStorageSource *src,
if (src->encryption) {
if (src->encryption->encinfo.cipher_name) {
- cipheralg = g_strdup_printf("%s-%u",
- src->encryption->encinfo.cipher_name,
- src->encryption->encinfo.cipher_size);
+ if (src->encryption->encinfo.cipher_size) {
+ cipheralg = g_strdup_printf("%s-%u",
+ src->encryption->encinfo.cipher_name,
+ src->encryption->encinfo.cipher_size);
+ } else {
+ cipheralg = g_strdup_printf("%s", src->encryption->encinfo.cipher_name)
+ }
}
if (virJSONValueObjectAdd(&props,
--
2.34.0.windows.1
© 2016 - 2024 Red Hat, Inc.