From: Arun Menon via Devel
Reply-To: Arun Menon
To: devel@lists.libvirt.org
Cc: Arun Menon
Subject: [PATCH 4/5] secret: Add encryptionSchemeType attribute to store ciphers
Date: Tue, 9 Dec 2025 01:22:30 +0530
Message-ID: <20251208195231.98170-5-armenon@redhat.com>
In-Reply-To: <20251208195231.98170-1-armenon@redhat.com>
References: <20251208195231.98170-1-armenon@redhat.com>

The new attribute will store the available cipher modes with which secrets can be encrypted. At the moment only the aes256cbc encryption method is used. This can be extended in the future with other cipher modes.

Rename the file-name structure attribute from base64File to secretValueFile.

Signed-off-by: Arun Menon
---
 src/conf/secret_conf.c  |  6 ++++++
 src/conf/secret_conf.h  |  9 +++++++++
 src/conf/virsecretobj.c | 22 +++++++++++-----------
 3 files changed, 26 insertions(+), 11 deletions(-)
diff --git a/src/conf/secret_conf.c b/src/conf/secret_conf.c index 966536599e..dd808aa21a 100644 --- a/src/conf/secret_conf.c +++ b/src/conf/secret_conf.c @@ -32,6 +32,12 @@ =20 #define VIR_FROM_THIS VIR_FROM_SECRET =20 +VIR_ENUM_IMPL(virSecretEncryptionScheme, + VIR_SECRET_ENCRYPTION_SCHEME_LAST, + "none", + "aes256cbc", +); + VIR_LOG_INIT("conf.secret_conf"); =20 void diff --git a/src/conf/secret_conf.h b/src/conf/secret_conf.h index 8f8f47933a..c11558357e 100644 --- a/src/conf/secret_conf.h +++ b/src/conf/secret_conf.h @@ -21,6 +21,7 @@ #pragma once =20 #include "internal.h" +#include "virenum.h" =20 typedef struct _virSecretDef virSecretDef; struct _virSecretDef { @@ -32,6 +33,12 @@ struct _virSecretDef { char *usage_id; /* May be NULL */ }; =20 +typedef enum { + VIR_SECRET_ENCRYPTION_SCHEME_NONE =3D 0, + VIR_SECRET_ENCRYPTION_SCHEME_AES256CBC =3D 1, + VIR_SECRET_ENCRYPTION_SCHEME_LAST +} virSecretEncryptionScheme; + void virSecretDefFree(virSecretDef *def); G_DEFINE_AUTOPTR_CLEANUP_FUNC(virSecretDef, virSecretDefFree); =20 @@ -53,3 +60,5 @@ char *virSecretDefFormat(const virSecretDef *def); #define VIR_CONNECT_LIST_SECRETS_FILTERS_ALL \ (VIR_CONNECT_LIST_SECRETS_FILTERS_EPHEMERAL | \ VIR_CONNECT_LIST_SECRETS_FILTERS_PRIVATE) + +VIR_ENUM_DECL(virSecretEncryptionScheme); diff --git a/src/conf/virsecretobj.c b/src/conf/virsecretobj.c index 66270e2751..a3dd7983bb 100644 --- a/src/conf/virsecretobj.c +++ b/src/conf/virsecretobj.c @@ -39,7 +39,7 @@ VIR_LOG_INIT("conf.virsecretobj"); struct _virSecretObj { virObjectLockable parent; char *configFile; - char *base64File; + char *secretValueFile; virSecretDef *def; unsigned char *value; /* May be NULL */ size_t value_size; @@ -139,7 +139,7 @@ virSecretObjDispose(void *opaque) g_free(obj->value); } g_free(obj->configFile); - g_free(obj->base64File); + g_free(obj->secretValueFile); } =20 =20 
@@ -378,11 +378,11 @@ virSecretObjListAdd(virSecretObjList *secrets, if (!(obj =3D virSecretObjNew())) goto cleanup; =20 - /* Generate the possible configFile and base64File strings + /* Generate the possible configFile and secretValueFile strings * using the configDir, uuidstr, and appropriate suffix */ if (!(obj->configFile =3D virFileBuildPath(configDir, uuidstr, ".x= ml")) || - !(obj->base64File =3D virFileBuildPath(configDir, uuidstr, ".b= ase64"))) + !(obj->secretValueFile =3D virFileBuildPath(configDir, uuidstr= , ".base64"))) goto cleanup; =20 if (virHashAddEntry(secrets->objs, uuidstr, obj) < 0) @@ -656,7 +656,7 @@ virSecretObjDeleteData(virSecretObj *obj) { /* The configFile will already be removed, so secret won't be * loaded again if this fails */ - unlink(obj->base64File); + unlink(obj->secretValueFile); } =20 =20 @@ -691,7 +691,7 @@ virSecretObjSaveData(virSecretObj *obj) =20 base64 =3D g_base64_encode(obj->value, obj->value_size); =20 - if (virFileRewriteStr(obj->base64File, S_IRUSR | S_IWUSR, base64) < 0) + if (virFileRewriteStr(obj->secretValueFile, S_IRUSR | S_IWUSR, base64)= < 0) return -1; =20 return 0; @@ -813,26 +813,26 @@ virSecretLoadValue(virSecretObj *obj) struct stat st; g_autofree char *contents =3D NULL; =20 - if ((fd =3D open(obj->base64File, O_RDONLY)) =3D=3D -1) { + if ((fd =3D open(obj->secretValueFile, O_RDONLY)) =3D=3D -1) { if (errno =3D=3D ENOENT) { ret =3D 0; goto cleanup; } virReportSystemError(errno, _("cannot open '%1$s'"), - obj->base64File); + obj->secretValueFile); goto cleanup; } =20 if (fstat(fd, &st) < 0) { virReportSystemError(errno, _("cannot stat '%1$s'"), - obj->base64File); + obj->secretValueFile); goto cleanup; } =20 if ((size_t)st.st_size !=3D st.st_size) { virReportError(VIR_ERR_INTERNAL_ERROR, _("'%1$s' file does not fit in memory"), - obj->base64File); + obj->secretValueFile); goto cleanup; } =20 
@@ -845,7 +845,7 @@ virSecretLoadValue(virSecretObj *obj) =20 if (saferead(fd, contents, st.st_size) !=3D st.st_size) { virReportSystemError(errno, _("cannot read '%1$s'"), - obj->base64File); + obj->secretValueFile); goto cleanup; } contents[st.st_size] =3D '\0'; --=20 2.51.1
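Review bot: in the src/conf/secret_conf.c hunk, the VIR_ENUM_IMPL(virSecretEncryptionScheme, ...) with "none" and "aes256cbc" is added but nothing in this patch uses it: no member of that type is added to struct _virSecretDef or struct _virSecretObj, and the only change to secret_conf.c is the enum table itself, so there is no parsing, formatting or storage of an encryptionSchemeType attribute despite the subject line. If the field and the XML wiring land in 5/5, say so in the commit message ("introduces the enum; the attribute is stored in a later patch"); otherwise add the struct member here so the patch does what its title claims.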
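Review bot: in the src/conf/secret_conf.h hunk, the explicit initializers in the typedef enum (VIR_SECRET_ENCRYPTION_SCHEME_NONE = 0, VIR_SECRET_ENCRYPTION_SCHEME_AES256CBC = 1) are redundant, since C numbers enumerators from 0 and VIR_ENUM_IMPL depends on exactly that contiguous ordering up to _LAST; dropping them avoids a future mismatch if someone inserts a value without renumbering. The VIR_ENUM_DECL(virSecretEncryptionScheme); is also placed at the very end of the header, after the VIR_CONNECT_LIST_SECRETS_FILTERS_ALL macro, far from the enum it declares; putting it directly under the typedef keeps the declaration next to its type, which is where a reader will look for it.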
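Review bot: in the virSecretObjListAdd hunk, the member is renamed to secretValueFile but the path is still built as virFileBuildPath(configDir, uuidstr, ".base64"), so the field name no longer describes the on-disk format while the filename still promises base64 of the raw value. That is consistent today, because virSecretObjSaveData still writes g_base64_encode(obj->value, ...), but once a scheme other than "none" writes ciphertext into the same path, legacy plain-base64 files and encrypted files become indistinguishable by name; either pick a distinct suffix for encrypted values or persist the scheme alongside the value so virSecretLoadValue can choose the right path. Separately, the mechanical base64File to secretValueFile rename spans every hunk in this file and is independent of the new enum; a rename-only patch followed by the enum patch would be easier to review and to bisect.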
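Review bot: in the virSecretObjSaveData hunk, only the field name changes; the body still writes g_base64_encode(obj->value, obj->value_size) to the 0600 file via virFileRewriteStr, and the new virSecretEncryptionScheme is never consulted, so after this patch the effective scheme is hard-wired to "none" and secrets remain stored as plain base64 on disk. State that in the commit message, since "store ciphers" reads as if encryption were already applied here, and when the aes256cbc path is added, the scheme identifier (and whatever per-file parameters the cipher needs) must be written with the value so the loader can validate it before attempting decryption.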