From: Arun Menon via Devel
Reply-To: Arun Menon
To: devel@lists.libvirt.org
CC: Arun Menon, Michal Prívozník
Subject: [RFC 1/4] util: Add support for GnuTLS decryption
Date: Thu, 13 Nov 2025 19:02:20 +0530
Message-ID: <20251113133223.32729-2-armenon@redhat.com>
In-Reply-To: <20251113133223.32729-1-armenon@redhat.com>

Adds `virCryptoDecryptDataAESgnutls` and `virCryptoDecryptData` as wrapper
functions for GnuTLS decryption.
These functions are the inverse of the existing GnuTLS encryption wrappers.
This commit also includes a corresponding test case to validate data decryption.

Signed-off-by: Arun Menon --- src/libvirt_private.syms | 1 + src/util/vircrypto.c | 130 ++++++++++++++++++++++++++++++++++++++- src/util/vircrypto.h | 8 +++ tests/vircryptotest.c | 65 ++++++++++++++++++++ 4 files changed, 202 insertions(+), 2 deletions(-) diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms index fb482fff40..fc5fdb00f4 100644 --- a/src/libvirt_private.syms +++ b/src/libvirt_private.syms @@ -2252,6 +2252,7 @@ virConfWriteMem; =20 =20 # util/vircrypto.h +virCryptoDecryptData; virCryptoEncryptData; virCryptoHashBuf; virCryptoHashString; diff --git a/src/util/vircrypto.c b/src/util/vircrypto.c index 3ce23264ca..e0d2b794a1 100644 --- a/src/util/vircrypto.c +++ b/src/util/vircrypto.c @@ -98,7 +98,7 @@ virCryptoHashString(virCryptoHash hash, } =20 =20 -/* virCryptoEncryptDataAESgntuls: +/* virCryptoEncryptDataAESgnutls: * * Performs the AES gnutls encryption * @@ -200,7 +200,7 @@ virCryptoEncryptData(virCryptoCipher algorithm, { switch (algorithm) { case VIR_CRYPTO_CIPHER_AES256CBC: - if (enckeylen !=3D 32) { + if (enckeylen < 32) { virReportError(VIR_ERR_INVALID_ARG, _("AES256CBC encryption invalid keylen=3D%1$zu"= ), enckeylen); 
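Review bot: Relaxing the key check in virCryptoEncryptData from `enckeylen != 32` to `enckeylen < 32` changes the existing encryption path, which the commit message (decryption wrappers plus a test) does not mention. With `<`, a key longer than 32 bytes now passes validation and is handed on with its full length, while the error text still reads "invalid keylen". Keep the exact `!= 32` check here, or, if longer key buffers really are expected, cut the length to 32 explicitly and explain why in the commit message.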
@@ -233,3 +233,129 @@ virCryptoEncryptData(virCryptoCipher algorithm, _("algorithm=3D%1$d is not supported"), algorithm); return -1; } + +/* virCryptoDecryptDataAESgnutls: + * + * Performs the AES gnutls decryption + * + * Same input as virCryptoDecryptData, except the algorithm is replaced + * by the specific gnutls algorithm. + * + * Decrypts the @data buffer using the @deckey and if available the @iv + * + * Returns 0 on success with the plaintext being filled. It is the + * caller's responsibility to clear and free it. Returns -1 on failure + * w/ error set. + */ +static int +virCryptoDecryptDataAESgnutls(gnutls_cipher_algorithm_t gnutls_dec_alg, + uint8_t *deckey, + size_t deckeylen, + uint8_t *iv, + size_t ivlen, + uint8_t *data, + size_t datalen, + uint8_t **plaintextret, + size_t *plaintextlenret) +{ + int rc; + size_t i; + gnutls_cipher_hd_t handle =3D NULL; + gnutls_datum_t dec_key =3D { .data =3D deckey, .size =3D deckeylen }; + gnutls_datum_t iv_buf =3D { .data =3D iv, .size =3D ivlen }; + g_autofree uint8_t *plaintext =3D NULL; + size_t plaintextlen; + + if ((rc =3D gnutls_cipher_init(&handle, gnutls_dec_alg, + &dec_key, &iv_buf)) < 0) { + virReportError(VIR_ERR_INTERNAL_ERROR, + _("failed to initialize cipher: '%1$s'"), + gnutls_strerror(rc)); + return -1; + } + + plaintext =3D g_memdup2(data, datalen); + plaintextlen =3D datalen; + + rc =3D gnutls_cipher_decrypt(handle, plaintext, plaintextlen); + gnutls_cipher_deinit(handle); + if (rc < 0) { + virSecureErase(plaintext, plaintextlen); + virReportError(VIR_ERR_INTERNAL_ERROR, + _("failed to decrypt the data: '%1$s'"), + gnutls_strerror(rc)); + return -1; + } + if (plaintextlen =3D=3D 0) { + virSecureErase(plaintext, plaintextlen); + virReportError(VIR_ERR_INTERNAL_ERROR, "%s", + _("decrypted data has zero length")); + return -1; + } + i =3D plaintext[plaintextlen - 1]; + if (i > plaintextlen) { + virSecureErase(plaintext, plaintextlen); + virReportError(VIR_ERR_INTERNAL_ERROR, "%s", + _("decrypted 
data has invalid padding")); + return -1; + } + *plaintextlenret =3D plaintextlen - i; + *plaintextret =3D g_steal_pointer(&plaintext); + return 0; +} + +/* virCryptoDecryptData: + * @algorithm: algorithm desired for decryption + * @deckey: decryption key + * @deckeylen: decryption key length + * @iv: initialization vector + * @ivlen: length of initialization vector + * @data: data to decrypt + * @datalen: length of data + * @plaintext: stream of bytes allocated to store plaintext + * @plaintextlen: size of the stream of bytes + * Returns 0 on success, -1 on failure with error set + */ +int +virCryptoDecryptData(virCryptoCipher algorithm, + uint8_t *deckey, + size_t deckeylen, + uint8_t *iv, + size_t ivlen, + uint8_t *data, + size_t datalen, + uint8_t **plaintext, + size_t *plaintextlen) +{ + switch (algorithm) { + case VIR_CRYPTO_CIPHER_AES256CBC: + if (deckeylen < 32) { + virReportError(VIR_ERR_INVALID_ARG, + _("AES256CBC decryption invalid keylen=3D%1$zu= "), + deckeylen); + return -1; + } + if (ivlen !=3D 16) { + virReportError(VIR_ERR_INVALID_ARG, + _("AES256CBC initialization vector invalid len= =3D%1$zu"), + ivlen); + return -1; + } + /* + * Decrypt the data buffer using a decryption key and + * initialization vector via the gnutls_cipher_decrypt API + * for GNUTLS_CIPHER_AES_256_CBC. + */ + return virCryptoDecryptDataAESgnutls(GNUTLS_CIPHER_AES_256_CBC, + deckey, deckeylen, iv, ivlen, + data, datalen, + plaintext, plaintextlen); + case VIR_CRYPTO_CIPHER_NONE: + case VIR_CRYPTO_CIPHER_LAST: + break; + } + + virReportError(VIR_ERR_INVALID_ARG, + _("algorithm=3D%1$d is not supported"), algorithm); + return -1; +} diff --git a/src/util/vircrypto.h b/src/util/vircrypto.h index 5f079ac335..2e8557839d 100644 --- a/src/util/vircrypto.h +++ b/src/util/vircrypto.h 
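Review bot: The padding check in virCryptoDecryptDataAESgnutls only rejects `i > plaintextlen`, so a final byte of 0 is accepted (nothing is stripped) and any value up to the buffer length is accepted without looking at the bytes it claims are padding. For a cipher with 16-byte blocks, require `1 <= i <= 16`, and if the encrypt wrapper fills the padding with the pad length, also verify that each of the last `i` bytes equals `i` before setting `*plaintextlenret`. The `plaintextlen == 0` test can move ahead of `gnutls_cipher_init()` so empty input is rejected before any cipher state exists, and `deckeylen < 32` in virCryptoDecryptData should be an exact `!= 32`, like the `ivlen != 16` check beside it.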
@@ -61,3 +61,11 @@ int virCryptoEncryptData(virCryptoCipher algorithm, uint8_t **ciphertext, size_t *ciphertextlen) ATTRIBUTE_NONNULL(2) ATTRIBUTE_NONNULL(6) ATTRIBUTE_NONNULL(8) ATTRIBUTE_NONNULL(9) G_GNUC_WARN_UNUSED_RESULT; + +int virCryptoDecryptData(virCryptoCipher algorithm, + uint8_t *deckey, size_t deckeylen, + uint8_t *iv, size_t ivlen, + uint8_t *data, size_t datalen, + uint8_t **plaintext, size_t *plaintextlen) + ATTRIBUTE_NONNULL(2) ATTRIBUTE_NONNULL(6) + ATTRIBUTE_NONNULL(8) ATTRIBUTE_NONNULL(9) G_GNUC_WARN_UNUSED_RESULT; diff --git a/tests/vircryptotest.c b/tests/vircryptotest.c index 9ffe70756e..864fa8838d 100644 --- a/tests/vircryptotest.c +++ b/tests/vircryptotest.c @@ -62,6 +62,14 @@ struct testCryptoEncryptData { size_t ciphertextlen; }; =20 +struct testCryptoDecryptData { + virCryptoCipher algorithm; + uint8_t *input; + size_t inputlen; + uint8_t *plaintext; + size_t plaintextlen; +}; + static int testCryptoEncrypt(const void *opaque) { 
@@ -101,6 +109,44 @@ testCryptoEncrypt(const void *opaque) return 0; } =20 +static int +testCryptoDecrypt(const void *opaque) +{ + const struct testCryptoDecryptData *data =3D opaque; + g_autofree uint8_t *deckey =3D NULL; + size_t deckeylen =3D 32; + g_autofree uint8_t *iv =3D NULL; + size_t ivlen =3D 16; + g_autofree uint8_t *plaintext =3D NULL; + size_t plaintextlen =3D 0; + + deckey =3D g_new0(uint8_t, deckeylen); + iv =3D g_new0(uint8_t, ivlen); + + if (virRandomBytes(deckey, deckeylen) < 0 || + virRandomBytes(iv, ivlen) < 0) { + fprintf(stderr, "Failed to generate random bytes\n"); + return -1; + } + + if (virCryptoDecryptData(data->algorithm, deckey, deckeylen, iv, ivlen, + data->input, data->inputlen, + &plaintext, &plaintextlen) < 0) + return -1; + + if (data->plaintextlen !=3D plaintextlen) { + fprintf(stderr, "Expected plaintexlen(%zu) doesn't match (%zu)\n", + data->plaintextlen, plaintextlen); + return -1; + } + + if (memcmp(data->plaintext, plaintext, plaintextlen)) { + fprintf(stderr, "Expected plaintext doesn't match\n"); + return -1; + } + + return 0; +} =20 static int mymain(void) 
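Review bot: testCryptoDecrypt exercises only the success path, and it decrypts with a key and IV taken from virRandomBytes(), so it depends on the test's mocked generator ("Forces usage of not so random virRandomBytes") returning the bytes that expected_ciphertext was produced with. Add a comment saying so, and add negative cases that expect -1 (input length not a multiple of 16, a corrupted final block, an unsupported algorithm). The message "Expected plaintexlen(%zu)" has a typo, and because `plaintext` holds decrypted secret material it should be wiped with virSecureErase() before g_autofree releases it, as the decrypt function does on its own error paths.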
@@ -155,7 +201,26 @@ mymain(void) =20 #undef VIR_CRYPTO_ENCRYPT =20 +#define VIR_CRYPTO_DECRYPT(a, n, i, il, c, cl) \ + do { \ + struct testCryptoDecryptData data =3D { \ + .algorithm =3D a, \ + .input =3D i, \ + .inputlen =3D il, \ + .plaintext =3D c, \ + .plaintextlen =3D cl, \ + }; \ + if (virTestRun("Decrypt " n, testCryptoDecrypt, &data) < 0) \ + ret =3D -1; \ + } while (0) + + VIR_CRYPTO_DECRYPT(VIR_CRYPTO_CIPHER_AES256CBC, "aes256cbc", + expected_ciphertext, 16, secretdata, 7); + +#undef VIR_CRYPTO_DECRYPT + return ret =3D=3D 0 ? EXIT_SUCCESS : EXIT_FAILURE; + } =20 /* Forces usage of not so random virRandomBytes */ --=20 2.51.1

From: Arun Menon via Devel
Reply-To: Arun Menon
To: devel@lists.libvirt.org
CC: Arun Menon, Michal Prívozník
Subject: [RFC 2/4] secret: Set up default encrypted master key for the virtsecretd service
Date: Thu, 13 Nov 2025 19:02:21 +0530
Message-ID: <20251113133223.32729-3-armenon@redhat.com>
In-Reply-To: <20251113133223.32729-1-armenon@redhat.com>

This commit sets the foundation for encrypting the libvirt secrets by providing
a secure way to pass a master encryption key to the virtsecretd service.

Add a default, pre-generated, master encryption key to the credentials, that
can be consumed by the virtsecretd service. By using the
"SetCredentialEncrypted=" directive, we make sure that passing data to the
service is secure.
The virtsecretd service can then read the key from CREDENTIALS_DIRECTORY. [1]

This setup therefore provides a default key out-of-the-box for initial use.
Users can customize this setting, by replacing the default encrypted string
with their own. A subsequent commit will introduce the logic for virtsecretd
to access and use this key via the $CREDENTIALS_DIRECTORY environment variable. [2]

In order to add the default encryption key, a random 32 byte key was generated
and encrypted:

    dd if=/dev/urandom of=/tmp/master.key bs=1 count=32
    systemd-creds encrypt --name=master-encryption-key -p /tmp/master.key -

This generates a SetCredentialEncrypted= line suitable for inclusion in the
unit file.

[1] https://www.freedesktop.org/software/systemd/man/latest/systemd-creds.html
[2] https://systemd.io/CREDENTIALS/

Signed-off-by: Arun Menon
--- src/secret/virtsecretd.service.extra.in | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/src/secret/virtsecretd.service.extra.in b/src/secret/virtsecre= td.service.extra.in index 1fc8c672f7..0f65bc3bb1 100644 --- a/src/secret/virtsecretd.service.extra.in +++ b/src/secret/virtsecretd.service.extra.in
@@ -1,2 +1,10 @@ # The contents of this unit will be merged into a base template. # Additional units might be merged as well. See meson.build for details. +# +[Service] +Environment=3DMASTER_ENCRYPTION_KEY=3D%d/master-encryption-key +SetCredentialEncrypted=3Dmaster-encryption-key: \ + Whxqht+dQJax1aZeCGLxmiAAAAABAAAADAAAABAAAAD9m5CsEfoZf8Lj/dQAAAAAFS= vJ7 \ + eSEmqQthu+A4Eqn4vEKp6jx7ScbcM98bcW5Do0K9V0eTPWD+eNJJrB+xS/MAklo3rk= f0S \ + 7n7rXk8SQZ0FQ5Uv8ZoOuidWPHHiLZGS9bxAJwTZvN/VX+pe+biC16 +LoadCredentialEncrypted=3Dmaster-encryption-key --=20 2.51.1
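Review bot: The `SetCredentialEncrypted=` value is a single blob, produced once by the `systemd-creds encrypt` command in the commit message and committed to the unit file, so every installation receives identical key material. If that blob is sealed to the generating machine's host key or TPM, it will not decrypt on any other host; if it is not, every host shares one master key that anyone with the source tree can also recover. Prefer generating the key per host (at install time or first start) into the location that `LoadCredentialEncrypted=master-encryption-key` reads from, and drop the built-in default. Separately, `MASTER_ENCRYPTION_KEY` holds the path `%d/master-encryption-key`, not a key; a name such as `MASTER_ENCRYPTION_KEY_FILE` would make that clear.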
domain of lists.libvirt.org designates 8.43.85.245 as permitted sender) smtp.mailfrom=devel-bounces@lists.libvirt.org; dmarc=pass header.from= (p=reject dis=none) Return-Path: Received: from lists.libvirt.org (lists.libvirt.org [8.43.85.245]) by mx.zohomail.com with SMTPS id 1763041311340676.8380981247631; Thu, 13 Nov 2025 05:41:51 -0800 (PST) Received: by lists.libvirt.org (Postfix, from userid 993) id DDCDB446B0; Thu, 13 Nov 2025 08:41:49 -0500 (EST) Received: from [172.19.199.29] (lists.libvirt.org [8.43.85.245]) by lists.libvirt.org (Postfix) with ESMTP id 53EFC449A0; Thu, 13 Nov 2025 08:38:32 -0500 (EST) Received: by lists.libvirt.org (Postfix, from userid 993) id 5A59243E51; Thu, 13 Nov 2025 08:32:55 -0500 (EST) Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (3072 bits) server-digest SHA256) (No client certificate requested) by lists.libvirt.org (Postfix) with ESMTPS id 93518441AE for ; Thu, 13 Nov 2025 08:32:49 -0500 (EST) Received: from mail-pf1-f199.google.com (mail-pf1-f199.google.com [209.85.210.199]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-569-YrLQ86DAMP-rb8B3RYfzxg-1; Thu, 13 Nov 2025 08:32:48 -0500 Received: by mail-pf1-f199.google.com with SMTP id d2e1a72fcca58-7b8ed43cd00so1007492b3a.2 for ; Thu, 13 Nov 2025 05:32:47 -0800 (PST) Received: from armenon-kvm.armenon-thinkpadp16vgen1.bengluru.csb ([49.36.110.242]) by smtp.gmail.com with ESMTPSA id d2e1a72fcca58-7b927151380sm2373676b3a.38.2025.11.13.05.32.42 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 13 Nov 2025 05:32:44 -0800 (PST) X-Spam-Checker-Version: SpamAssassin 4.0.1 (2024-03-26) on lists.libvirt.org X-Spam-Level: X-Spam-Status: No, score=-5.0 required=5.0 tests=BAYES_00,DKIM_INVALID, DKIM_SIGNED,MAILING_LIST_MULTI,RCVD_IN_DNSWL_MED, 
RCVD_IN_VALIDITY_CERTIFIED_BLOCKED,RCVD_IN_VALIDITY_RPBL_BLOCKED, RCVD_IN_VALIDITY_SAFE_BLOCKED,SPF_PASS autolearn=unavailable autolearn_force=no version=4.0.1 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1763040769; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=GfMrNrn83CjwREA5Jq72wAnEHdOto5oQeIKYRrBeHM8=; b=Pz1OLznlVzcfQuUjz+6K2Ns3RuMMk/7QheXxgZJAqNemi+pIgq4KlrMqg9ULosjFF9Csbh hr9FaPMQ5bvXVaUKuBUCkh5X/rl+gZgGo/7M/LFg9pFWdAOdc2Bm+MbMYoDJ9sznBWB/Dx sHPU/ukdyl3xfBxZHcGmXehcWXt608E= X-MC-Unique: YrLQ86DAMP-rb8B3RYfzxg-1 X-Mimecast-MFC-AGG-ID: YrLQ86DAMP-rb8B3RYfzxg_1763040767 X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1763040767; x=1763645567; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-gg:x-gm-message-state:from :to:cc:subject:date:message-id:reply-to; bh=GfMrNrn83CjwREA5Jq72wAnEHdOto5oQeIKYRrBeHM8=; b=pLPRKkZhCkBIc5p5dT5C+cAcaHHe/wzkLhuQVVY0vlAgmlPzD7FqmyVnilIn/J1JMK l/HC4sY2JboPy+d5vvgz3Cx5pxL00gr9PLqA70so6kM73A7HtlNLsrAZn1r7+t2lfZiw fTZtlAZ2D7KSew0wOoaGIyMOh6JRF249Gk5JikL+rvwmd0R4/rzUGXt6qKSZSLyX1P4E zLrbwhmquYMKg9XriPWt2DZcjwPTSMlq0FkvjBZs3tV27/CYHuqfpP+9rFlRcqroqIsV +lPxK1Mqug2WU6AgfSeM6dwDBrl/VFOQ+mkNXEwTMBs7DYS9vbb/JZuMmPzO7Yoe/cJP kPKg== X-Gm-Message-State: AOJu0YxKwN+pl49eoYyddJS+G77Dx1qFiwBsg+2HOTG5YPrKpoAcJuKZ 7Ncff3MikZAkyPkUikvl9RRxvFk+lO0YlRVmN4a7EQ7LOOi/jdL3uWxbjtCxaIoXdHKmOir/OjO vQTcpTCUE2SIndhQzrlOnQ+neKK/YpzfuLdkYu4pRIyQfy55VSIqkiqhmLtKXtPAS9HuZwu87b8 AWRpR+LwI+4dyBHY+gBTyWpSW8GJJCAwRNcQSwh05jbA== X-Gm-Gg: ASbGncsi5/WC2JFhTmYisSe8+a7d7JWZqjtBtq86Swi1vuowrtnYu8Bm00zOGAtTnpZ 5/bLN/4tX8BDEJ27CYrc7AXRJ67l51m8RCDoIsVnauEuqayf1Xv8YuWN+G86fCvR7H2fkz7TuxR 
ofVw49V9qClrxYVayYUCkA75w6M7FucYVDp35Ra1IhmrC/uE8N74d5e+kl+4vbtSn5gMSI5BKCf Dgd11b5Nb3iEyH4RCqZ8Mw4J6SiwUkc1JvNLxT/l201xllEEB2F+j8/A5nN4WlsF4Gz1ywAvr88 7pFNa6Tlwz/VwNgS9s3vxsZCuLGnUDCvZZSmmaOWVUpGXWyFBldyRYrjG07+979x5tDzJtObA6Z DorL/OspiA/OjfSSGOddQ8hY0Ip4t+X+8eMwQphsQcLIXdN4= X-Received: by 2002:a05:6a00:929d:b0:7ab:995a:46b0 with SMTP id d2e1a72fcca58-7b7a4af9cb5mr8321233b3a.15.1763040766454; Thu, 13 Nov 2025 05:32:46 -0800 (PST) X-Google-Smtp-Source: AGHT+IE3BgzUXh2RYEkwyWMdX5LX35GiAoEwP6NCmIhxEyoeI8lUR9LepyI0Cnh1o6kwuMtzYr/waQ== X-Received: by 2002:a05:6a00:929d:b0:7ab:995a:46b0 with SMTP id d2e1a72fcca58-7b7a4af9cb5mr8321185b3a.15.1763040765880; Thu, 13 Nov 2025 05:32:45 -0800 (PST) To: devel@lists.libvirt.org Subject: [RFC 3/4] secret: Add secrets.conf configuration file and parse it Date: Thu, 13 Nov 2025 19:02:22 +0530 Message-ID: <20251113133223.32729-4-armenon@redhat.com> X-Mailer: git-send-email 2.51.1 In-Reply-To: <20251113133223.32729-1-armenon@redhat.com> References: <20251113133223.32729-1-armenon@redhat.com> MIME-Version: 1.0 X-Mimecast-Spam-Score: 0 X-Mimecast-MFC-PROC-ID: veSqYv3RFKxHl_11AXu61PUfrzidZJxMIZDEeXHyJUY_1763040767 X-Mimecast-Originator: redhat.com Content-Transfer-Encoding: quoted-printable Message-ID-Hash: ZXFISEZOEIB3Y6I3PG6OSJIODI6JE2D4 X-Message-ID-Hash: ZXFISEZOEIB3Y6I3PG6OSJIODI6JE2D4 X-MailFrom: armenon@redhat.com X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; loop; banned-address; header-match-devel.lists.libvirt.org-0; emergency; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header CC: Arun Menon , =?UTF-8?q?Michal=20Pr=C3=ADvozn=C3=ADk?= X-Mailman-Version: 3.3.10 Precedence: list List-Id: Development discussions about the libvirt library & tools Archived-At: List-Archive: List-Help: List-Owner: List-Post: List-Subscribe: List-Unsubscribe: 
From: Arun Menon via Devel
Reply-To: Arun Menon
Content-Type: text/plain; charset="utf-8"; x-default="true"

A new configuration file called secrets.conf is introduced to let the user configure the path to the master encryption key. This key will be used to encrypt/decrypt the secrets in libvirt.

By default the path is set to the runtime directory /run/libvirt/secrets, and it is commented out in the config file. The virtsecretd driver checks if the credentials are available in the CREDENTIALS_DIRECTORY. In case it is not present, then the user is expected to provide the encryption key path in secrets.conf.

Add logic to parse the encryption key file and store the key. When systemd starts the secrets driver, it will read the secrets.conf file and check if the encrypt_data flag is set to 1. In that case, the secrets will be stored in encrypted format on the disk. The encryption and decryption logic will be added in the subsequent patches.

Signed-off-by: Arun Menon
--- libvirt.spec.in | 1 + src/secret/meson.build | 7 +++ src/secret/secret_driver.c | 96 ++++++++++++++++++++++++++++++++++++++ src/secret/secrets.conf.in | 14 ++++++ 4 files changed, 118 insertions(+) create mode 100644 src/secret/secrets.conf.in diff --git a/libvirt.spec.in b/libvirt.spec.in index 79738bd7bb..f27247b7c1 100644 --- a/libvirt.spec.in +++ b/libvirt.spec.in @@ -2246,6 +2246,7 @@ exit 0 %config(noreplace) %{_sysconfdir}/libvirt/virtsecretd.conf %{_datadir}/augeas/lenses/virtsecretd.aug %{_datadir}/augeas/lenses/tests/test_virtsecretd.aug +%config(noreplace) %{_sysconfdir}/libvirt/secrets.conf %{_unitdir}/virtsecretd.service %{_unitdir}/virtsecretd.socket %{_unitdir}/virtsecretd-ro.socket diff --git a/src/secret/meson.build b/src/secret/meson.build index 3b859ea7b4..a211ffed83 100644 --- a/src/secret/meson.build +++ b/src/secret/meson.build
@@ -27,6 +27,13 @@ if conf.has('WITH_SECRETS') ], } =20 + secrets_conf =3D configure_file( + input: 'secrets.conf.in', + output: 'secrets.conf', + copy: true + ) + virt_conf_files +=3D secrets_conf + virt_daemon_confs +=3D { 'name': 'virtsecretd', } diff --git a/src/secret/secret_driver.c b/src/secret/secret_driver.c index 04c3ca49f1..0b415e5ef3 100644 --- a/src/secret/secret_driver.c +++ b/src/secret/secret_driver.c @@ -42,6 +42,7 @@ #include "secret_event.h" #include "virutil.h" #include "virinhibitor.h" +#include "virfile.h" =20 #define VIR_FROM_THIS VIR_FROM_SECRET =20 @@ -70,6 +71,17 @@ struct _virSecretDriverState { =20 /* Immutable pointer, self-locking APIs */ virInhibitor *inhibitor; + + /* master encryption key value from secret.conf file */ + char *masterKeyPath; + + /* Indicates if the secrets are encrypted or not. 0 if not encrypted + * and 1 if encrypted. + */ + int encrypt_data; + + unsigned char* masterKey; + size_t masterKeyLen; }; =20 static virSecretDriverState *driver; 
@@ -307,6 +319,44 @@ secretGetXMLDesc(virSecretPtr secret, return ret; } =20 +static bool secretGetMasterKey(uint8_t **masterKey, size_t *masterKeyLen) +{ + int fd =3D -1; + struct stat st; + + if ((fd =3D open(driver->masterKeyPath, O_RDONLY)) < 0) { + virReportError(VIR_ERR_INTERNAL_ERROR, _("Cannot open master key f= ile '%1$s'"), + driver->masterKeyPath); + return false; + } + if (fstat(fd, &st) < 0) { + virReportError(VIR_ERR_INTERNAL_ERROR, _("Cannot stat master key f= ile '%1$s'"), + driver->masterKeyPath); + VIR_FORCE_CLOSE(fd); + return false; + } + *masterKeyLen =3D st.st_size; + if (*masterKeyLen =3D=3D 0) { + virReportError(VIR_ERR_INTERNAL_ERROR, _("Master encryption key fi= le %1$s is empty"), + driver->masterKeyPath); + VIR_FORCE_CLOSE(fd); + return false; + } + *masterKey =3D g_new0(uint8_t, *masterKeyLen); + if (saferead(fd, &masterKey, *masterKeyLen) !=3D *masterKeyLen) { + virReportError(VIR_ERR_INTERNAL_ERROR, _("Cannot read master key f= ile '%1$s'"), + driver->masterKeyPath); + VIR_FORCE_CLOSE(fd); + return false; + } + VIR_FORCE_CLOSE(fd); + if (*masterKeyLen < 32) { + virReportError(VIR_ERR_INTERNAL_ERROR, _("Master encryption key fi= le %1$s must be atleast 32 bytes"), + driver->masterKeyPath); + return false; + } + return true; +} =20 static int secretSetValue(virSecretPtr secret, @@ -482,6 +532,10 @@ secretStateInitialize(bool privileged, void *opaque) { VIR_LOCK_GUARD lock =3D virLockGuardLock(&mutex); + g_autofree char *secretsconf =3D NULL; + g_autofree char *credentials_directory =3D NULL; + g_autofree char *master_encryption_key_path =3D NULL; + g_autoptr(virConf) conf =3D NULL; =20 driver =3D g_new0(virSecretDriverState, 1); =20 
@@ -537,6 +591,48 @@ secretStateInitialize(bool privileged, if (virSecretLoadAllConfigs(driver->secrets, driver->configDir) < 0) goto error; =20 + secretsconf =3D g_strdup_printf("%s/libvirt/secrets.conf", SYSCONFDIR); + credentials_directory =3D getenv("CREDENTIALS_DIRECTORY"); + + if (credentials_directory) { + VIR_DEBUG("Using credentials directory from environment: %s", + credentials_directory); + master_encryption_key_path =3D g_strdup_printf("%s/master-encrypti= on-key", credentials_directory); + if (access(master_encryption_key_path, R_OK) =3D=3D 0) { + driver->masterKeyPath =3D g_strdup(master_encryption_key_path); + } + } else if (access(secretsconf, R_OK) =3D=3D 0) { + if (!(conf =3D virConfReadFile(secretsconf, 0))) { + virReportError(VIR_ERR_INTERNAL_ERROR, + _("Failed to read secrets.conf from %1$s"), + secretsconf); + goto error; + } + + if (virConfGetValueString(conf, "master_encryption_key", &driver->= masterKeyPath) < 0) { + virReportError(VIR_ERR_INTERNAL_ERROR, + _("Failed to get master_encryption_key from %1$= s"), + secretsconf); + goto error; + } + } else { + VIR_DEBUG("No secrets configuration found %s, skipping", driver->c= onfigDir); + driver->masterKeyPath =3D NULL; + driver->masterKeyLen =3D 0; + } + if (driver->masterKeyPath) { + if (!secretGetMasterKey(&driver->masterKey, &driver->masterKeyLen)= ) { + goto error; + } + VIR_DEBUG("Master encryption key loaded from %s", driver->masterKe= yPath); + VIR_DEBUG("Master encryption key length: %zu bytes", driver->maste= rKeyLen); + } + if (virConfGetValueInt(conf, "encrypt_data", &driver->encrypt_data) < = 0) { + virReportError(VIR_ERR_INTERNAL_ERROR, + _("Failed to get encrypt_data from %1$s"), + secretsconf); + goto error; + } return VIR_DRV_STATE_INIT_COMPLETE; =20 error: diff --git a/src/secret/secrets.conf.in b/src/secret/secrets.conf.in new file mode 100644 index 0000000000..80bb9654ce --- /dev/null +++ b/src/secret/secrets.conf.in 
@@ -0,0 +1,14 @@ +# +# Master configuration file for the secrets driver. +# + +# The master encryption key is used to override default master encryption +# key path. The user can create an encryption key and set the master_encry= ption_key +# to the path on which it resides. +# The key must be atleast 32-bytes long. +# +# master_encryption_key =3D "/run/libvirt/secrets/master.key" +# +# The encrypt_data setting is used to indicate if the encryption is on or = off. +# 0 indicates off and 1 indicates on. By default it is set to on. +encrypt_data =3D 1 --=20 2.51.1
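Review bot: in the libvirt.spec.in hunk of 3/4, secrets.conf is packaged without an augeas lens, while the virtsecretd.conf entry directly above it ships virtsecretd.aug and test_virtsecretd.aug. Either add a lens and test covering master_encryption_key and encrypt_data, or say in the commit message why this file is exempt.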
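Review bot: in the struct _virSecretDriverState hunk of 3/4, the comment above masterKeyPath calls it the "master encryption key value from secret.conf file", but the field holds a path, not the key, and the file is secrets.conf. The key itself (masterKey, masterKeyLen) has no comment at all; document who owns and frees it. encrypt_data is described as 0 or 1 and would be clearer as a bool, and masterKey is declared unsigned char * here while secretGetMasterKey() takes uint8_t **, so pick one type for both.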
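Review bot: in secretGetMasterKey() (3/4), saferead(fd, &masterKey, *masterKeyLen) passes the address of the uint8_t ** parameter instead of the buffer that was just allocated, so the key bytes are written over the parameter and whatever follows it on the stack, while the g_new0() buffer that driver->masterKey points to stays all zeroes. The call should read into *masterKey. The error returns after the allocation also leave the buffer allocated and unerased; move the length checks (empty, shorter than 32) ahead of g_new0(), right after fstat(), and on a failed read erase and free *masterKey before returning false.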
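Review bot: in the declarations added to secretStateInitialize() (3/4), credentials_directory is declared g_autofree but is later assigned the return value of getenv("CREDENTIALS_DIRECTORY"). That pointer is not heap memory owned by the caller, so the automatic g_free() at scope exit frees a pointer into the environment. Declare it as a plain const char * without g_autofree.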
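Review bot: in the secretStateInitialize() body hunk of 3/4, virConfGetValueInt(conf, "encrypt_data", ...) runs on every path, but conf is assigned only inside the else-if branch that reads secrets.conf, so when CREDENTIALS_DIRECTORY is set, or when secrets.conf is unreadable, the setting is looked up in a NULL conf and the file is never consulted. Read secrets.conf whenever it exists and let the credentials directory only decide the key path. The same if / else-if chain means that a set CREDENTIALS_DIRECTORY with no readable master-encryption-key file never falls back to master_encryption_key from secrets.conf, which is the fallback the commit message describes. Minor: the "No secrets configuration found" debug line prints driver->configDir rather than secretsconf.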
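Review bot: in secrets.conf.in (3/4), the comment for master_encryption_key says it overrides the default key path but never states what that default is, nor that a key found under CREDENTIALS_DIRECTORY is checked first; please document both. "atleast 32-bytes" should be "at least 32 bytes", and the requirement itself needs tightening: 4/4 passes the whole key with its full length to VIR_CRYPTO_CIPHER_AES256CBC, and an AES-256 key is exactly 32 bytes, so the comment should say what happens with a longer file. The example path is under /run while the encrypted secrets are stored on disk; please explain how the key is expected to persist so that those secrets can still be decrypted later.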
To: devel@lists.libvirt.org
Subject: [RFC 4/4] secret: Add functionality to load and save secrets in encrypted format
Date: Thu, 13 Nov 2025 19:02:23 +0530
Message-ID: <20251113133223.32729-5-armenon@redhat.com>
In-Reply-To: <20251113133223.32729-1-armenon@redhat.com>
References: <20251113133223.32729-1-armenon@redhat.com>
CC: Arun Menon, Michal Prívozník
From: Arun Menon via Devel
Reply-To: Arun Menon
Content-Type: text/plain; charset="utf-8"; x-default="true"

Since we now have the functionality to provide the secrets driver with an encryption key, we can use it to encrypt the secrets. While loading the secrets, we check whether the secret is encrypted or not and accordingly get the value.

The value_encrypted boolean flag is currently ephemeral (in memory). This flag must be persisted to the disk to ensure that the secrets service knows whether the secret is in the plaintext or ciphertext format across restarts. This is vital and will be addressed in subsequent commits.

Signed-off-by: Arun Menon
--- src/conf/virsecretobj.c | 13 +++++++ src/conf/virsecretobj.h | 7 ++++ src/libvirt_private.syms | 2 ++ src/secret/secret_driver.c | 72 ++++++++++++++++++++++++++++++++++++-- 4 files changed, 92 insertions(+), 2 deletions(-) diff --git a/src/conf/virsecretobj.c b/src/conf/virsecretobj.c index 66270e2751..8184c3e49e 100644 --- a/src/conf/virsecretobj.c +++ b/src/conf/virsecretobj.c @@ -43,6 +43,7 @@ struct _virSecretObj { virSecretDef *def; unsigned char *value; /* May be NULL */ size_t value_size; + bool value_encrypted; }; =20 static virClass *virSecretObjClass; @@ -786,6 +787,18 @@ virSecretObjSetValueSize(virSecretObj *obj, obj->value_size =3D value_size; } =20 +bool +virSecretObjGetEncryptionFlag(virSecretObj *obj) +{ + return obj->value_encrypted; +} + +void +virSecretObjSetEncryptionFlag(virSecretObj *obj, + bool encryption) +{ + obj->value_encrypted =3D encryption; +} =20 static int virSecretLoadValidateUUID(virSecretDef *def, diff --git a/src/conf/virsecretobj.h b/src/conf/virsecretobj.h index 17897c5513..4e3b285b82 100644 --- a/src/conf/virsecretobj.h +++ b/src/conf/virsecretobj.h
@@ -113,3 +113,10 @@ virSecretObjSetValueSize(virSecretObj *obj, int virSecretLoadAllConfigs(virSecretObjList *secrets, const char *configDir); + +void +virSecretObjSetEncryptionFlag(virSecretObj *obj, + bool encryption); + +bool +virSecretObjGetEncryptionFlag(virSecretObj *obj); diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms index fc5fdb00f4..cf6a4ffe03 100644 --- a/src/libvirt_private.syms +++ b/src/libvirt_private.syms @@ -1483,6 +1483,7 @@ virSecretObjDeleteConfig; virSecretObjDeleteData; virSecretObjEndAPI; virSecretObjGetDef; +virSecretObjGetEncryptionFlag; virSecretObjGetValue; virSecretObjGetValueSize; virSecretObjListAdd; @@ -1496,6 +1497,7 @@ virSecretObjListRemove; virSecretObjSaveConfig; virSecretObjSaveData; virSecretObjSetDef; +virSecretObjSetEncryptionFlag; virSecretObjSetValue; virSecretObjSetValueSize; =20 diff --git a/src/secret/secret_driver.c b/src/secret/secret_driver.c index 0b415e5ef3..44f0611fdc 100644 --- a/src/secret/secret_driver.c +++ b/src/secret/secret_driver.c @@ -43,6 +43,9 @@ #include "virutil.h" #include "virinhibitor.h" #include "virfile.h" +#include "virrandom.h" +#include "vircrypto.h" +#include "virsecureerase.h" =20 #define VIR_FROM_THIS VIR_FROM_SECRET =20 @@ -369,6 +372,12 @@ secretSetValue(virSecretPtr secret, virSecretDef *def; virObjectEvent *event =3D NULL; =20 + g_autofree uint8_t *encryptedValue =3D NULL; + size_t encryptedValueLen =3D 0; + uint8_t iv[16] =3D { 0 }; + g_autofree uint8_t *valueToSave =3D NULL; + size_t valueToSaveLen =3D 0; + virCheckFlags(0, -1); =20 if (!(obj =3D secretObjFromSecret(secret))) 
@@ -378,8 +387,32 @@ secretSetValue(virSecretPtr secret, if (virSecretSetValueEnsureACL(secret->conn, def) < 0) goto cleanup; =20 - if (virSecretObjSetValue(obj, value, value_size) < 0) - goto cleanup; + if (driver->encrypt_data !=3D 0 && driver->masterKeyLen >=3D 32) { + virSecretObjSetEncryptionFlag(obj, true); + if (virRandomBytes(iv, sizeof(iv)) < 0) { + virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("Failed to gene= rate random IV")); + goto cleanup; + } + if (virCryptoEncryptData(VIR_CRYPTO_CIPHER_AES256CBC, + driver->masterKey, driver->masterKeyLen, + iv, sizeof(iv), + (uint8_t *)value, value_size, + &encryptedValue, &encryptedValueLen) < 0)= { + virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("Failed to encr= ypt secret value")); + goto cleanup; + } + valueToSaveLen =3D sizeof(iv) + encryptedValueLen; + valueToSave =3D g_new0(uint8_t, valueToSaveLen); + memcpy(valueToSave, iv, sizeof(iv)); + memcpy(valueToSave + sizeof(iv), encryptedValue, encryptedValueLen= ); + + if (virSecretObjSetValue(obj, valueToSave, valueToSaveLen) < 0) + goto cleanup; + } else { + virSecretObjSetEncryptionFlag(obj, false); + if (virSecretObjSetValue(obj, value, value_size) < 0) + goto cleanup; + } =20 event =3D virSecretEventValueChangedNew(def->uuid, def->usage_type, @@ -387,6 +420,9 @@ secretSetValue(virSecretPtr secret, ret =3D 0; =20 cleanup: + virSecureErase(encryptedValue, encryptedValueLen); + virSecureErase(iv, sizeof(iv)); + virSecureErase(valueToSave, valueToSaveLen); virSecretObjEndAPI(&obj); virObjectEventStateQueue(driver->secretEventState, event); =20 @@ -402,6 +438,11 @@ secretGetValue(virSecretPtr secret, unsigned char *ret =3D NULL; virSecretObj *obj; virSecretDef *def; + g_autofree uint8_t *decryptedValue =3D NULL; + size_t decryptedValueLen =3D 0; + uint8_t iv[16] =3D { 0 }; + uint8_t *ciphertext =3D NULL; + size_t ciphertextLen =3D 0; =20 virCheckFlags(0, NULL); =20 
@@ -444,6 +485,32 @@ secretGetValue(virSecretPtr secret, =20 *value_size =3D virSecretObjGetValueSize(obj); =20 + if (virSecretObjGetEncryptionFlag(obj) && driver->masterKeyLen >=3D 32= ) { + if (*value_size < sizeof(iv)) { + /* The encrypted secret size should be greater than IV */ + virReportError(VIR_ERR_INVALID_SECRET, "%s", + _("Encrypted secret size is invalid")); + goto cleanup; + } + memcpy(iv, ret, sizeof(iv)); + ciphertext =3D ret + sizeof(iv); + ciphertextLen =3D *value_size - sizeof(iv); + + if (virCryptoDecryptData(VIR_CRYPTO_CIPHER_AES256CBC, + driver->masterKey, driver->masterKeyLen, + iv, sizeof(iv), + ciphertext, ciphertextLen, + &decryptedValue, &decryptedValueLen) < 0)= { + virReportError(VIR_ERR_INVALID_SECRET, "%s", + _("Decryption of secret value failed")); + goto cleanup; + } + + g_free(ret); + ret =3D g_steal_pointer(&decryptedValue); + *value_size =3D decryptedValueLen; + } + cleanup: virSecretObjEndAPI(&obj); =20 @@ -502,6 +569,7 @@ secretStateCleanupLocked(void) =20 virObjectUnref(driver->secrets); VIR_FREE(driver->configDir); + VIR_FREE(driver->masterKeyPath); =20 virObjectUnref(driver->secretEventState); virInhibitorFree(driver->inhibitor); --=20 2.51.1
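Review bot: value_encrypted in struct _virSecretObj (4/4, src/conf/virsecretobj.c) lives only in memory, so after a daemon restart every loaded object starts with the flag false and secretGetValue() skips decryption, handing back the stored IV and ciphertext as if it were the secret. The commit message defers persistence to later commits, but this patch already stores ciphertext through virSecretObjSetValue(); the on-disk marker (a distinct file suffix or a header in the value file, for example) should land in the same patch so that no commit in the series leaves values unreadable after a restart.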
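Review bot: in the secretSetValue() hunk of 4/4, virSecretObjSetEncryptionFlag(obj, true) is called before virRandomBytes() and virCryptoEncryptData() have succeeded, so any failure jumps to cleanup with the flag set while the object still holds its previous value, and a later secretGetValue() will try to decrypt that value. Set the flag only after virSecretObjSetValue() has succeeded. Separately, the else branch stores the value in plaintext whenever masterKeyLen is below 32, even with encrypt_data set to 1, which is the state the shipped secrets.conf describes (encrypt_data = 1 with master_encryption_key commented out); that case should fail, or at least log a warning, instead of falling back silently.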
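Review bot: in the secretGetValue() hunk of 4/4, both new error branches goto cleanup with ret still pointing at the stored IV and ciphertext; free it and set ret to NULL before jumping so that a failed decryption cannot hand that buffer back to the caller. The check *value_size < sizeof(iv) accepts a value that is exactly one IV long, although the comment says the size should be greater, and a CBC ciphertext is never shorter than one 16-byte block, so the minimum should be sizeof(iv) + 16. The condition also skips decryption when the flag is set but masterKeyLen is below 32, which returns ciphertext without any error. Finally, AES-256-CBC carries no integrity protection, so a modified value file is not reliably detected; consider an authenticated mode or a MAC over IV and ciphertext.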
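Review bot: in the secretStateCleanupLocked() hunk of 4/4, only masterKeyPath is freed; driver->masterKey, which holds the key material loaded in 3/4, is neither erased nor freed. Add virSecureErase(driver->masterKey, driver->masterKeyLen) followed by VIR_FREE(driver->masterKey); virsecureerase.h is already included by this patch.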