To: devel@lists.libvirt.org
Subject: [RFC v2 4/5] secret: Add encryptionScheme attribute to the secrets xml configuration
Date: Thu, 20 Nov 2025 22:23:45 +0530
Message-ID: <20251120165346.161124-5-armenon@redhat.com>
In-Reply-To: <20251120165346.161124-1-armenon@redhat.com>
References: <20251120165346.161124-1-armenon@redhat.com>
CC: Arun Menon
From: Arun Menon via Devel

A new attribute is required to store the encryption scheme used while encrypting the secret. This value will be "none" if the secret is stored in base64 format.

For backwards compatibility, the secret will not be encrypted when the attribute itself is absent in the configuration file. In other words, the secret will be stored on the disk in base64 encoded format.

This new attribute is essential to be stored on the disk in the xml file, so that we can effectively decrypt the secrets while loading them. It also allows us to add more encryption schemes in the future.

Signed-off-by: Arun Menon
---
 include/libvirt/libvirt-secret.h           | 20 ++++++++++++++++++++
 src/conf/schemas/secret.rng                |  5 +++++
 src/conf/secret_conf.c                     | 21 +++++++++++++++++++++
 src/conf/secret_conf.h                     |  1 +
 src/util/virsecret.c                       |  4 ++++
 src/util/virsecret.h                       |  1 +
 tests/secretxml2xmlin/usage-ceph-space.xml |  1 +
 tests/secretxml2xmlin/usage-ceph.xml       |  1 +
 tests/secretxml2xmlin/usage-iscsi.xml      |  1 +
 tests/secretxml2xmlin/usage-tls.xml        |  1 +
 tests/secretxml2xmlin/usage-volume.xml     |  1 +
 tests/secretxml2xmlin/usage-vtpm.xml       |  1 +
 12 files changed, 58 insertions(+)

diff --git a/include/libvirt/libvirt-secret.h b/include/libvirt/libvirt-sec= ret.h index 761437d4ad..96a4359107 100644 --- a/include/libvirt/libvirt-secret.h +++ b/include/libvirt/libvirt-secret.h 
@@ -70,6 +70,26 @@ typedef enum { # endif } virSecretUsageType; =20 +/** + * virSecretEncryptionSchemeType: + * + * Since: 11.10.0 + */ +typedef enum { + VIR_SECRET_ENCRYPTION_SCHEME_NONE =3D 0, /* (Since: 11.10.0) */ + VIR_SECRET_ENCRYPTION_SCHEME_AES256CBS =3D 1, /* (Since: 11.10.0) */ +# ifdef VIR_ENUM_SENTINELS + VIR_SECRET_ENCRYPTION_SCHEME_LAST + /* + * NB: this enum value will increase over time as new encryption schem= es are + * added to the libvirt API. It reflects the last enncryption scheme s= upported + * by this version of the libvirt API. + * + * Since: 11.10.0 + */ +# endif +} virSecretEncryptionSchemeType; + virConnectPtr virSecretGetConnect (virSecretPtr secret); int virConnectNumOfSecrets (virConnectPtr conn); int virConnectListSecrets (virConnectPtr conn, diff --git a/src/conf/schemas/secret.rng b/src/conf/schemas/secret.rng index c90e2eb81f..ae6e62b438 100644 --- a/src/conf/schemas/secret.rng +++ b/src/conf/schemas/secret.rng @@ -42,6 +42,11 @@ + + + + + diff --git a/src/conf/secret_conf.c b/src/conf/secret_conf.c index 966536599e..2fdf3f7f2c 100644 --- a/src/conf/secret_conf.c +++ b/src/conf/secret_conf.c @@ -131,6 +131,12 @@ virSecretParseXML(xmlXPathContext *ctxt) g_autofree char *ephemeralstr =3D NULL; g_autofree char *privatestr =3D NULL; g_autofree char *uuidstr =3D NULL; + g_autofree char *encryptionScheme =3D NULL; + + /* Encryption scheme is set to -1 to support existing xml secret confi= guration + * files. This indicates that no encryption scheme is specified in th= e XML + */ + int type =3D -1; =20 def =3D g_new0(virSecretDef, 1); =20 
@@ -170,6 +176,15 @@ virSecretParseXML(xmlXPathContext *ctxt) if (virSecretDefParseUsage(ctxt, def) < 0) return NULL; =20 + encryptionScheme =3D virXPathString("string(./encryptionScheme)", ctxt= ); + if (encryptionScheme) { + if ((type =3D virSecretEncryptionSchemeTypeFromString(encryptionSc= heme)) < 0) { + virReportError(VIR_ERR_INTERNAL_ERROR, + _("Unknown secret encryption scheme %1$d"), def= ->encryption_scheme); + return NULL; + } + } + def->encryption_scheme =3D type; return g_steal_pointer(&def); } =20 @@ -242,6 +257,7 @@ virSecretDefFormat(const virSecretDef *def) g_auto(virBuffer) buf =3D VIR_BUFFER_INITIALIZER; g_auto(virBuffer) attrBuf =3D VIR_BUFFER_INITIALIZER; g_auto(virBuffer) childBuf =3D VIR_BUFFER_INIT_CHILD(&buf); + const char *type =3D NULL; char uuidstr[VIR_UUID_STRING_BUFLEN]; =20 virBufferAsprintf(&attrBuf, " ephemeral=3D'%s' private=3D'%s'", @@ -257,6 +273,11 @@ virSecretDefFormat(const virSecretDef *def) virSecretDefFormatUsage(&childBuf, def) < 0) return NULL; =20 + type =3D virSecretEncryptionSchemeTypeToString(def->encryption_scheme); + if (type !=3D NULL) { + virBufferEscapeString(&childBuf, "%s\n", + type); + } virXMLFormatElement(&buf, "secret", &attrBuf, &childBuf); return virBufferContentAndReset(&buf); } diff --git a/src/conf/secret_conf.h b/src/conf/secret_conf.h index 8f8f47933a..a12bc8e095 100644 --- a/src/conf/secret_conf.h +++ b/src/conf/secret_conf.h @@ -30,6 +30,7 @@ struct _virSecretDef { char *description; /* May be NULL */ virSecretUsageType usage_type; char *usage_id; /* May be NULL */ + virSecretEncryptionSchemeType encryption_scheme; /* virSecretEncryptio= nSchemeType */ }; =20 void virSecretDefFree(virSecretDef *def); diff --git a/src/util/virsecret.c b/src/util/virsecret.c index 8e74df3b93..c9d9cf2c8a 100644 --- a/src/util/virsecret.c +++ b/src/util/virsecret.c 
@@ -36,6 +36,10 @@ VIR_ENUM_IMPL(virSecretUsage, VIR_SECRET_USAGE_TYPE_LAST, "none", "volume", "ceph", "iscsi", "tls", "vtpm", ); +VIR_ENUM_IMPL(virSecretEncryptionScheme, + VIR_SECRET_ENCRYPTION_SCHEME_LAST, + "none", "aes256cbc", +); =20 void virSecretLookupDefClear(virSecretLookupTypeDef *def) diff --git a/src/util/virsecret.h b/src/util/virsecret.h index c803f0fe33..01998e307d 100644 --- a/src/util/virsecret.h +++ b/src/util/virsecret.h @@ -27,6 +27,7 @@ #include "virenum.h" =20 VIR_ENUM_DECL(virSecretUsage); +VIR_ENUM_DECL(virSecretEncryptionScheme); =20 typedef enum { VIR_SECRET_LOOKUP_TYPE_NONE, diff --git a/tests/secretxml2xmlin/usage-ceph-space.xml b/tests/secretxml2x= mlin/usage-ceph-space.xml index 557b12474d..2a7a177931 100644 --- a/tests/secretxml2xmlin/usage-ceph-space.xml +++ b/tests/secretxml2xmlin/usage-ceph-space.xml @@ -4,4 +4,5 @@ client.admin secret + none diff --git a/tests/secretxml2xmlin/usage-ceph.xml b/tests/secretxml2xmlin/u= sage-ceph.xml index e880293a63..8a2501c21f 100644 --- a/tests/secretxml2xmlin/usage-ceph.xml +++ b/tests/secretxml2xmlin/usage-ceph.xml @@ -4,4 +4,5 @@ CephCephCephCeph + none diff --git a/tests/secretxml2xmlin/usage-iscsi.xml b/tests/secretxml2xmlin/= usage-iscsi.xml index bfc94722e0..c36a0f8661 100644 --- a/tests/secretxml2xmlin/usage-iscsi.xml +++ b/tests/secretxml2xmlin/usage-iscsi.xml @@ -4,4 +4,5 @@ iscsitarget + none diff --git a/tests/secretxml2xmlin/usage-tls.xml b/tests/secretxml2xmlin/us= age-tls.xml index 88068b56e0..a021e96279 100644 --- a/tests/secretxml2xmlin/usage-tls.xml +++ b/tests/secretxml2xmlin/usage-tls.xml @@ -4,4 +4,5 @@ mumblyfratz + none diff --git a/tests/secretxml2xmlin/usage-volume.xml b/tests/secretxml2xmlin= /usage-volume.xml index e273c57686..7f9a4e13b8 100644 --- a/tests/secretxml2xmlin/usage-volume.xml +++ b/tests/secretxml2xmlin/usage-volume.xml @@ -4,4 +4,5 @@ /var/lib/libvirt/images/image.img + none 
diff --git a/tests/secretxml2xmlin/usage-vtpm.xml b/tests/secretxml2xmlin/u= sage-vtpm.xml index 5baff3034d..f9b801f765 100644 --- a/tests/secretxml2xmlin/usage-vtpm.xml +++ b/tests/secretxml2xmlin/usage-vtpm.xml @@ -4,4 +4,5 @@ vTPMvTPMvTPM + aes256cbc --=20 2.51.1
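Review bot: in the libvirt-secret.h hunk the new constant is spelled `VIR_SECRET_ENCRYPTION_SCHEME_AES256CBS`, while the string registered for the same enum slot in the virsecret.c hunk is "aes256cbc"; the `CBS` suffix reads as a typo for `CBC`, and because this lands in the public header it will be frozen into the API once released, so rename it to `VIR_SECRET_ENCRYPTION_SCHEME_AES256CBC` before merge. The comment on the `_LAST` sentinel in the same hunk also has "enncryption" for "encryption".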
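Review bot: the `int type =3D -1` introduced in the first virSecretParseXML hunk is assigned unchanged to `def->encryption_scheme` when no `encryptionScheme` element is present, so a field declared as `virSecretEncryptionSchemeType` in the secret_conf.h hunk ends up holding a value outside the enum. The commit message says an absent scheme means the secret is stored base64-encoded, which is exactly what `VIR_SECRET_ENCRYPTION_SCHEME_NONE` already denotes; if a later patch needs to tell "absent" apart from "none", the comment should say so and the secret_conf.h field comment (currently just `/* virSecretEncryptionSchemeType */`, repeating the declared type) should document the -1 sentinel, otherwise initialise to NONE so switch statements and virSecretEncryptionSchemeTypeToString never see an out-of-range value.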
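Review bot: the error path in the second virSecretParseXML hunk reports the wrong value: `_("Unknown secret encryption scheme %1$d"), def->encryption_scheme` prints the field that has not been assigned yet (zero from g_new0), not the string that failed to parse. Report the offending input instead, e.g. `_("Unknown secret encryption scheme '%1$s'"), encryptionScheme`, and since this is malformed user-supplied XML rather than an internal inconsistency, VIR_ERR_XML_ERROR is the usual code here rather than VIR_ERR_INTERNAL_ERROR.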
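Review bot: the subject and commit message describe an `encryptionScheme` attribute, but the parser reads `string(./encryptionScheme)` and the virSecretDefFormat hunk writes the value into `childBuf`, i.e. it is a child element of `<secret>`; the wording should match what the code does. The diffstat also touches no documentation or NEWS entry for a new user-visible element in the secret XML format, which a change to the on-disk schema needs.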
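Review bot: every secretxml2xmlin input gains an `encryptionScheme` line (five with "none", usage-vtpm.xml with "aes256cbc"), so none of the tests exercises the backwards-compatibility path the commit message highlights, where the element is absent and the parser falls back to -1. Leave at least one existing input untouched, or add a new one without the element, so that path is covered by secretxml2xmltest.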