qemu add sm4 in release 9, but the name of sm4 doesn't have the key length suffix, So set size to 0, construct cipher name without key length as suffix. In order to support the snapshot of encrypted disks, it remove the restrictions about cipher names in XML Signed-off-by: luzhipeng <luzhipeng@cestc.cn> --- docs/formatstorageencryption.rst | 8 +++++--- src/conf/domain_validate.c | 12 ------------ src/qemu/qemu_block.c | 10 +++++++--- 3 files changed, 12 insertions(+), 18 deletions(-) diff --git a/docs/formatstorageencryption.rst b/docs/formatstorageencryption.rst index XXXXXXX..XXXXXXX 100644 --- a/docs/formatstorageencryption.rst +++ b/docs/formatstorageencryption.rst @@ -XXX,XX +XXX,XX @@ initialization vector generation. ``name`` The name of the cipher algorithm used for data encryption, such as 'aes', - 'des', 'cast5', 'serpent', 'twofish', etc. Support of the specific + 'des', 'cast5', 'serpent', 'twofish', 'sm4', etc. Support of the specific algorithm is storage driver implementation dependent. ``size`` - The size of the cipher in bits, such as '256', '192', '128', etc. Support - of the specific size for a specific cipher is hypervisor dependent. + The size of the cipher in bits, such as '256', '192', '128', '0', etc. + '0' indicates that the encryption algorithm name doesn't have key length + suffix. Support of the specific size for a specific cipher is hypervisor + dependent. ``mode`` An optional cipher algorithm mode such as 'cbc', 'xts', 'ecb', etc. Support of the specific cipher mode is hypervisor dependent. diff --git a/src/conf/domain_validate.c b/src/conf/domain_validate.c index XXXXXXX..XXXXXXX 100644 --- a/src/conf/domain_validate.c 
+++ b/src/conf/domain_validate.c @@ -XXX,XX +XXX,XX @@ virDomainDiskDefValidateSourceChainOne(const virStorageSource *src) } } - if (src->encryption) { - virStorageEncryption *encryption = src->encryption; - - if (encryption->format == VIR_STORAGE_ENCRYPTION_FORMAT_LUKS && - encryption->encinfo.cipher_name) { - - virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s", - _("supplying <cipher> for domain disk definition is unnecessary")); - return -1; - } - } - /* internal snapshots and config files are currently supported only with rbd: */ if (virStorageSourceGetActualType(src) != VIR_STORAGE_TYPE_NETWORK && src->protocol != VIR_STORAGE_NET_PROTOCOL_RBD) { diff --git a/src/qemu/qemu_block.c b/src/qemu/qemu_block.c index XXXXXXX..XXXXXXX 100644 --- a/src/qemu/qemu_block.c +++ b/src/qemu/qemu_block.c @@ -XXX,XX +XXX,XX @@ qemuBlockStorageSourceCreateGetEncryptionLUKS(virStorageSource *src, if (src->encryption) { if (src->encryption->encinfo.cipher_name) { - cipheralg = g_strdup_printf("%s-%u", - src->encryption->encinfo.cipher_name, - src->encryption->encinfo.cipher_size); + if (src->encryption->encinfo.cipher_size) { + cipheralg = g_strdup_printf("%s-%u", + src->encryption->encinfo.cipher_name, + src->encryption->encinfo.cipher_size); + } else { + cipheralg = g_strdup_printf("%s", src->encryption->encinfo.cipher_name) + } } if (virJSONValueObjectAdd(&props, -- 2.34.0.windows.1
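Review bot: The new else branch in qemuBlockStorageSourceCreateGetEncryptionLUKS is missing the terminating semicolon after `g_strdup_printf("%s", src->encryption->encinfo.cipher_name)`, so src/qemu/qemu_block.c will not compile as posted. No formatting is needed on that path, so the line can simply be `cipheralg = g_strdup(src->encryption->encinfo.cipher_name);`. The function body starts and continues outside the hunk.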
qemu add sm4 in release 9, but the name of sm4 doesn't have the key length suffix, So set size to 0, construct cipher name without key length as suffix. In order to support the snapshot of encrypted disks, it remove the restrictions about cipher names in XML Signed-off-by: luzhipeng <luzhipeng@cestc.cn> --- docs/formatstorageencryption.rst | 8 +++++--- src/conf/domain_validate.c | 12 ------------ src/qemu/qemu_block.c | 10 +++++++--- 3 files changed, 12 insertions(+), 18 deletions(-) diff --git a/docs/formatstorageencryption.rst b/docs/formatstorageencryption.rst index XXXXXXX..XXXXXXX 100644 --- a/docs/formatstorageencryption.rst +++ b/docs/formatstorageencryption.rst @@ -XXX,XX +XXX,XX @@ initialization vector generation. ``name`` The name of the cipher algorithm used for data encryption, such as 'aes', - 'des', 'cast5', 'serpent', 'twofish', etc. Support of the specific + 'des', 'cast5', 'serpent', 'twofish', 'sm4', etc. Support of the specific algorithm is storage driver implementation dependent. ``size`` - The size of the cipher in bits, such as '256', '192', '128', etc. Support - of the specific size for a specific cipher is hypervisor dependent. + The size of the cipher in bits, such as '256', '192', '128', '0', etc. + '0' indicates that the encryption algorithm name doesn't have key length + suffix. Support of the specific size for a specific cipher is hypervisor + dependent. ``mode`` An optional cipher algorithm mode such as 'cbc', 'xts', 'ecb', etc. Support of the specific cipher mode is hypervisor dependent. diff --git a/src/conf/domain_validate.c b/src/conf/domain_validate.c index XXXXXXX..XXXXXXX 100644 B --- a/src/conf/domain_validate.c 
+++ b/src/conf/domain_validate.c @@ -XXX,XX +XXX,XX @@ virDomainDiskDefValidateSourceChainOne(const virStorageSource *src) } } - if (src->encryption) { - virStorageEncryption *encryption = src->encryption; - - if (encryption->format == VIR_STORAGE_ENCRYPTION_FORMAT_LUKS && - encryption->encinfo.cipher_name) { - - virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s", - _("supplying <cipher> for domain disk definition is unnecessary")); - return -1; - } - } - /* internal snapshots and config files are currently supported only with rbd: */ if (virStorageSourceGetActualType(src) != VIR_STORAGE_TYPE_NETWORK && src->protocol != VIR_STORAGE_NET_PROTOCOL_RBD) { diff --git a/src/qemu/qemu_block.c b/src/qemu/qemu_block.c index XXXXXXX..XXXXXXX 100644 --- a/src/qemu/qemu_block.c +++ b/src/qemu/qemu_block.c @@ -XXX,XX +XXX,XX @@ qemuBlockStorageSourceCreateGetEncryptionLUKS(virStorageSource *src, if (src->encryption) { if (src->encryption->encinfo.cipher_name) { - cipheralg = g_strdup_printf("%s-%u", - src->encryption->encinfo.cipher_name, - src->encryption->encinfo.cipher_size); + if (src->encryption->encinfo.cipher_size) { + cipheralg = g_strdup_printf("%s-%u", + src->encryption->encinfo.cipher_name, + src->encryption->encinfo.cipher_size); + } else { + cipheralg = g_strdup_printf("%s", src->encryption->encinfo.cipher_name); + } } if (virJSONValueObjectAdd(&props, -- 2.34.0.windows.1
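Review bot: A `cipher_size` of 0 in the new branch of qemuBlockStorageSourceCreateGetEncryptionLUKS is taken to mean "no key-length suffix" for every cipher name, not only sm4, so a definition such as name 'aes' with size '0' becomes a cipher string that is presumably rejected only later by QEMU. The same patch drops the `<cipher>` check from virDomainDiskDefValidateSourceChainOne, so this function appears to be the first place the value from the domain XML is interpreted. Consider rejecting size 0 for ciphers that require a suffix, or at least documenting the sentinel with a comment such as `/* size 0: QEMU names this cipher without a key-length suffix (e.g. sm4) */`. The else branch can also use `g_strdup(...)` instead of `g_strdup_printf("%s", ...)`. The same points apply to the earlier copy of this hunk on the page, and the function body extends outside the hunk.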