/qemu/crypto/ |
secret_common.c | 59 if (!secret->iv) { in qcrypto_secret_decrypt() 165 if (secret->keyid) { in qcrypto_secret_complete() 189 secret->rawdata = input; in qcrypto_secret_complete() 229 g_free(secret->iv); in qcrypto_secret_prop_set_iv() 250 g_free(secret->keyid); in qcrypto_secret_prop_set_keyid() 269 g_free(secret->iv); in qcrypto_secret_finalize() 270 g_free(secret->keyid); in qcrypto_secret_finalize() 271 g_free(secret->rawdata); in qcrypto_secret_finalize() 316 if (!secret) { in qcrypto_secret_lookup() 322 if (!secret->rawdata) { in qcrypto_secret_lookup() [all …]
secret.c | 44 if (secret->file) { in qcrypto_secret_load_data() 45 if (secret->data) { in qcrypto_secret_load_data() 59 } else if (secret->data) { in qcrypto_secret_load_data() 75 g_free(secret->data); in qcrypto_secret_prop_set_data() 76 secret->data = g_strdup(value); in qcrypto_secret_prop_set_data() 85 return g_strdup(secret->data); in qcrypto_secret_prop_get_data() 96 g_free(secret->file); in qcrypto_secret_prop_set_file() 97 secret->file = g_strdup(value); in qcrypto_secret_prop_set_file() 106 return g_strdup(secret->file); in qcrypto_secret_prop_get_file() 115 g_free(secret->file); in qcrypto_secret_finalize() [all …]
secret_keyring.c | 43 QCryptoSecretKeyring *secret = QCRYPTO_SECRET_KEYRING(sec_common); in qcrypto_secret_keyring_load_data() local 50 if (!secret->serial) { in qcrypto_secret_keyring_load_data() 55 retcode = keyctl_read(secret->serial, NULL, 0); in qcrypto_secret_keyring_load_data() 62 retcode = keyctl_read(secret->serial, buffer, retcode); in qcrypto_secret_keyring_load_data() 75 secret->serial); in qcrypto_secret_keyring_load_data() 84 QCryptoSecretKeyring *secret = QCRYPTO_SECRET_KEYRING(obj); in qcrypto_secret_prop_set_key() local 90 secret->serial = value; in qcrypto_secret_prop_set_key() 99 QCryptoSecretKeyring *secret = QCRYPTO_SECRET_KEYRING(obj); in qcrypto_secret_prop_get_key() local 100 int32_t value = secret->serial; in qcrypto_secret_prop_get_key()
block-luks.c | 147 char *secret; member 1214 luks->secret = g_strdup(options->u.luks.key_secret); in qcrypto_block_luks_open() 1280 g_free(luks->secret); in qcrypto_block_luks_open() 1362 luks->secret = g_strdup(options->u.luks.key_secret); in qcrypto_block_luks_create() 1604 g_free(luks->secret); in qcrypto_block_luks_create() 1627 char *secret = opts_luks->secret ?: luks->secret; in qcrypto_block_luks_amend_add_keyslot() local 1665 old_password = qcrypto_secret_lookup_as_utf8(secret, errp); in qcrypto_block_luks_amend_add_keyslot() 1717 if (opts_luks->secret) { in qcrypto_block_luks_amend_erase_keyslots() 1924 g_free(luks->secret); in qcrypto_block_luks_cleanup()
/qemu/tests/qemu-iotests/ |
293 | 70 _make_test_img $S0 $EXTRA_IMG_ARGS -o ${PR}key-secret=sec0,${PR}iter-time=10 32M 80 $QEMU_IMG amend $SECRETS $IMGS0 -o ${PR}state=active,${PR}new-secret=sec1,${PR}iter-time=10 139 $QEMU_IMG amend $SECRETS $IMGS1 -o ${PR}state=inactive,${PR}old-secret=sec2 142 $QEMU_IMG amend $SECRETS $IMGS1 -o ${PR}state=inactive,${PR}old-secret=sec1 145 $QEMU_IMG amend $SECRETS $IMGS0 -o ${PR}state=inactive,${PR}old-secret=sec0 148 $QEMU_IMG amend $SECRETS $IMGS3 -o ${PR}state=inactive,${PR}old-secret=sec3 161 $QEMU_IMG amend $SECRETS $IMGS0 -o ${PR}state=inactive,${PR}old-secret=sec3 171 $QEMU_IMG amend $SECRETS $IMGS0 -o ${PR}state=active,${PR}new-secret=sec1,${PR}keyslot=0 187 $QEMU_IMG amend $SECRETS $IMGS1 -o ${PR}state=inactive,${PR}old-secret=sec1 191 $QEMU_IMG amend $SECRETS $IMGS1 -o ${PR}state=inactive,${PR}old-secret=sec5 --force [all …]
295 | 38 def secret(self): member in Secret 46 "data": self.secret() } 59 for secret in self.secrets: 60 self.vm.cmd("object-add", **secret.to_qmp_object()) 76 def createImg(self, file, secret): argument 80 '--object', *secret.to_cmdline_object(), 82 '-o', self.pfx + 'key-secret=' + secret.id(), 93 'key-secret' : secret.id() 124 def addKeyQmp(self, id, new_secret, secret = None, argument 137 if secret != None: [all …]
296 | 38 def secret(self): member in Secret 46 "data": self.secret() } 63 for secret in self.secrets: 75 def createImg(self, file, secret): argument 79 '--object', *secret.to_cmdline_object(), 81 '-o', 'key-secret=' + secret.id(), 88 def addKey(self, file, secret, new_secret): argument 91 'key-secret' : secret.id(), 101 '--object', *secret.to_cmdline_object(), 116 def openImageQmp(self, vm, id, file, secret, argument [all …]
282.out | 2 == Create non-UTF8 secret == 3 == Throws an error because of invalid UTF-8 secret == 4 Formatting 'vol.img', fmt=luks size=4194304 key-secret=sec0 5 qemu-img: vol.img: Data from secret sec0 is not valid UTF-8 8 Formatting 'vol.img', fmt=luks size=4194304 key-secret=sec0 9 qemu-img: vol.img: Data from secret sec0 is not valid UTF-8
149.out | 23 …io -c read -P 0xa7 100M 10M --object secret,id=sec0,data=MTIzNDU2,format=base64 --image-opts drive… 28 …c read -P 0x13 3145728M 10M --object secret,id=sec0,data=MTIzNDU2,format=base64 --image-opts drive… 33 …o -c write -P 0x91 100M 10M --object secret,id=sec0,data=MTIzNDU2,format=base64 --image-opts drive… 38 … write -P 0x5e 3145728M 10M --object secret,id=sec0,data=MTIzNDU2,format=base64 --image-opts drive… 81 …io -c read -P 0xa7 100M 10M --object secret,id=sec0,data=MTIzNDU2,format=base64 --image-opts drive… 86 …c read -P 0x13 3145728M 10M --object secret,id=sec0,data=MTIzNDU2,format=base64 --image-opts drive… 91 …o -c write -P 0x91 100M 10M --object secret,id=sec0,data=MTIzNDU2,format=base64 --image-opts drive… 96 … write -P 0x5e 3145728M 10M --object secret,id=sec0,data=MTIzNDU2,format=base64 --image-opts drive… 141 …io -c read -P 0xa7 100M 10M --object secret,id=sec0,data=MTIzNDU2,format=base64 --image-opts drive… 496 …io -c read -P 0xa7 100M 10M --object secret,id=sec0,data=MTIzNDU2,format=base64 --image-opts drive… [all …]
087 | 139 _make_test_img --object secret,id=sec0,data=123456 -o encryption=on,encrypt.key-secret=sec0 $size 170 _make_test_img --object secret,id=sec0,data=123456 -o encrypt.format=luks,encrypt.key-secret=sec0 $… 201 _make_test_img --object secret,id=sec0,data=123456 -o encryption=on,encrypt.key-secret=sec0 $size
288 | 46 SECRET=secret,id=sec0,data=passphrase 53 -o key-secret=sec0,iter-time=10 \ 76 -o key-secret=sec0,iter-time=10,preallocation=falloc \ 87 -o key-secret=sec0,iter-time=10 \
293.out | 31 == filling 4 slots with secret 2 == 33 == adding secret 0 == 35 == adding secret 3 (last slot) == 50 == erase all keys of secret 2== 51 == erase all keys of secret 1== 52 == erase all keys of secret 0== 53 == erasing secret3 will fail now since it is the only secret (in 3 slots) == 85 == erase last secret (should fail) == 89 qemu-img: No secret with id 'sec5' 92 == erase last secret with force by slot (should work) ==
210.out | 10 …, "options": {"driver": "luks", "file": "imgfile", "iter-time": 10, "key-secret": "keysec0", "size… 15 image: json:{"driver": "IMGFMT", "file": {"driver": "file", "filename": "TEST_IMG"}, "key-secret": … 63 …, "iter-time": 10, "ivgen-alg": "plain64", "ivgen-hash-alg": "md5", "key-secret": "keysec0", "size… 68 image: json:{"driver": "IMGFMT", "file": {"driver": "file", "filename": "TEST_IMG"}, "key-secret": … 119 …0", "options": {"driver": "luks", "file": "node0", "iter-time": 10, "key-secret": "keysec0", "size… 124 image: json:{"driver": "IMGFMT", "file": {"driver": "file", "filename": "TEST_IMG"}, "key-secret": … 167 …: {"job-id": "job0", "options": {"driver": "luks", "file": "node0", "key-secret": "keysec0", "size… 173 …: {"job-id": "job0", "options": {"driver": "luks", "file": "node0", "key-secret": "keysec0", "size… 179 …: {"job-id": "job0", "options": {"driver": "luks", "file": "node0", "key-secret": "keysec0", "size… 195 image: json:{"driver": "IMGFMT", "file": {"driver": "file", "filename": "TEST_IMG"}, "key-secret": …
082.out | 65 encrypt.key-secret=<str> - ID of secret providing qcow AES key or LUKS passphrase 91 encrypt.key-secret=<str> - ID of secret providing qcow AES key or LUKS passphrase 117 encrypt.key-secret=<str> - ID of secret providing qcow AES key or LUKS passphrase 143 encrypt.key-secret=<str> - ID of secret providing qcow AES key or LUKS passphrase 169 encrypt.key-secret=<str> - ID of secret providing qcow AES key or LUKS passphrase 195 encrypt.key-secret=<str> - ID of secret providing qcow AES key or LUKS passphrase 221 encrypt.key-secret=<str> - ID of secret providing qcow AES key or LUKS passphrase 247 encrypt.key-secret=<str> - ID of secret providing qcow AES key or LUKS passphrase 288 encrypt.key-secret=<str> - ID of secret providing qcow AES key or LUKS passphrase 375 encrypt.key-secret=<str> - ID of secret providing qcow AES key or LUKS passphrase [all …]
178 | 55 $QEMU_IMG measure --object secret,id=sec0,data=MTIzNDU2,format=base64 # size or filename needed 152 --object secret,id=sec0,data=base \ 153 -o encrypt.format=luks,encrypt.key-secret=sec0,encrypt.iter-time=10 \
049 | 113 test_qemu_img create -f $IMGFMT --object secret,id=sec0,data=123456 -o encryption=on,encrypt.key-se…
294 | 61 $QEMU_IMG amend $SECRETS $IMGS0 -o state=active,new-secret=sec1,keyslot=1,iter-time=10
/qemu/docs/system/ |
secrets.rst | 3 Providing secret data to QEMU 11 secure manner, using the ``secret`` object type. 32 to pass secret data inline on the command line. 36 -object secret,id=secvnc0,data=87539319 45 -object secret,id=secvnc0,data=ODc1MzkzMTk=,format=base64 54 the secret: 58 -object secret,id=secvnc0,file=vnc-password.txt 65 this newline is not intended to be part of the secret data. 72 -object secret,id=sec0,file=vnc-password.txt,format=base64 80 secret data. [all …]
/qemu/docs/devel/ |
luks-detached-header.rst | 102 # qemu-img create --object secret,id=sec0,data=abc123 -f luks \ 103 -o cipher-alg=aes-256,cipher-mode=xts -o key-secret=sec0 \ 115 -object '{"qom-type":"secret","id":"libvirt-3-format-secret", \ 126 "file":"libvirt-2-format","header":"libvirt-1-format","key-secret": \ 127 "libvirt-3-format-secret"}' \ 134 1. object-add the secret for decrypting the cipher stored in 138 "arguments":{"qom-type":"secret", "id": \ 139 "libvirt-4-format-secret", "data":"abc123"}}' 171 "key-secret":"libvirt-2-format-secret"}}'
/qemu/qapi/ |
crypto.json | 28 # The data format that the secret is provided in 176 # @key-secret: the ID of a QCryptoSecret object providing the 183 'data': { '*key-secret': 'str' }} 197 'data': { '*key-secret': 'str' }} 391 # same secret that was used to open the image 397 '*new-secret': 'str', 398 '*old-secret': 'str', 401 '*secret': 'str' } } 427 # @format: the data format that the secret is provided in 455 # Properties for secret objects. [all …]
misc-target.json | 32 # @launch-secret: The guest is currently being launched; ciphertext 46 'data': ['uninit', 'launch-update', 'launch-secret', 'running', 223 # @sev-inject-launch-secret: 225 # This command injects a secret blob into memory of SEV guest. 227 # @packet-header: the launch secret packet header encoded in base64 229 # @secret: the launch secret data to be injected encoded in base64 231 # @gpa: the guest physical address where secret will be injected. 235 { 'command': 'sev-inject-launch-secret', 236 'data': { 'packet-header': 'str', 'secret': 'str', '*gpa': 'uint64' },
/qemu/docs/specs/ |
sev-guest-firmware.rst | 52 | 0xffffff9e | 4 | SEV secret block base address | 54 | 0xffffffa2 | 4 | SEV secret block size (=0xc00) | 56 | 0xffffffa6 | 2 | SEV secret block entry length (=0x1a) | 58 | 0xffffffa8 | 16 | SEV secret block GUID: | 104 SEV secret block 110 Guest Owner secret (using SEV_LAUNCH_SECRET).
/qemu/include/crypto/ |
secret_common.h | 44 void (*load_data)(QCryptoSecretCommon *secret,
/qemu/target/i386/ |
sev-sysemu-stub.c | 39 void qmp_sev_inject_launch_secret(const char *packet_header, const char *secret, in qmp_sev_inject_launch_secret() argument
sev.h | 63 int sev_inject_launch_secret(const char *hdr, const char *secret,